Web lists-archives.com

Re: [Samba] can't do dhcp + samba + bind work together




On Wed, 17 May 2017 21:12:56 -0700 (PDT)
artyom via samba <samba@xxxxxxxxxxxxxxx> wrote:

> Samba - General mailing list wrote
> > On Wed, 17 May 2017 04:26:16 -0700 (PDT)
> > artyom via samba &lt;
> 
> > samba@.samba
> 
> > &gt; wrote:
> > 
> >> I use official manual from wiki.samba.org for install samba 4.6.3
> >> (from source) with bind_dlz on bind 9.9.10 (from source too). My OS
> >> is Debian Jessie x64 8.8 netinst. I use
> >> https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records_with_BIND9
> >> article for dynamic dhcp updates on dns zones. DHCP is working but
> >> dns updates not: i have this messages on my syslog then dhcpoffer:
> > 
> >> named[611]: samba_dlz: committed transaction on zone kch.remel.lan
> >> May 17 14:32:09 ad1 remel: DHCP-DNS Update failed: 01
> >>
> > 
> > The forward zone is getting updated but the reverse zone isn't, have
> > you created the reverse zone, it isn't created automatically.
> > 
> > Rowland
> 
> Thanks! Now, then i use 
> 
> /etc/dhcp/bin/dhcp-dyndns.sh add 10.10.1.253 01:02:03:04:06:09
> twofivethree
> 
> and later
> 
> /etc/dhcp/bin/dhcp-dyndns.sh delete 10.10.1.253 01:02:03:04:06:09
> twofivethree
> 
> it's work well, no errors, but then i add a client (windows seven) i
> have:
> 
> May 18 09:10:35 ad1 dhcpd: DHCPDISCOVER from ea:d6:54:12:48:54 via
> eth0 May 18 09:10:36 ad1 dhcpd: DHCPOFFER on 10.10.1.0 to
> ea:d6:54:12:48:54 (test-pc) via eth0
> May 18 09:10:36 ad1 dhcpd: Commit: IP: 10.10.1.0 DHCID:
> 1:ea:d6:54:12:48:54 Name: test-pc
> May 18 09:10:36 ad1 dhcpd: execute_statement argv[0] =
> /etc/dhcp/bin/dhcp-dyndns.sh
> May 18 09:10:36 ad1 dhcpd: execute_statement argv[1] = add
> May 18 09:10:36 ad1 dhcpd: execute_statement argv[2] = 10.10.1.0
> May 18 09:10:36 ad1 dhcpd: execute_statement argv[3] =
> 1:ea:d6:54:12:48:54 May 18 09:10:36 ad1 dhcpd: execute_statement
> argv[4] = test-pc May 18 09:10:36 ad1 dhcpd:
> execute: /etc/dhcp/bin/dhcp-dyndns.sh exit status 256

For some reason the script is failing, probably for a permissions
problem. 
Is apparmor installed ?
Please double check ownership of files etc.

> May 18 09:10:36 ad1 dhcpd: DHCPREQUEST for 10.10.1.0 (10.10.0.3) from
> ea:d6:54:12:48:54 (test-pc) via eth0
> May 18 09:10:36 ad1 dhcpd: DHCPACK on 10.10.1.0 to ea:d6:54:12:48:54
> (test-pc) via eth0
> May 18 09:10:39 ad1 named[607]: samba_dlz: starting transaction on
> zone kch.remel.lan
> May 18 09:10:39 ad1 named[607]: client 10.10.1.0#61811: update
> 'kch.remel.lan/IN' denied
> May 18 09:10:39 ad1 named[607]: samba_dlz: cancelling transaction on
> zone kch.remel.lan
> May 18 09:10:39 ad1 named[607]: samba_dlz: starting transaction on
> zone kch.remel.lan
> May 18 09:10:39 ad1 named[607]: client 10.10.1.0#56098: update
> 'kch.remel.lan/IN' denied
> May 18 09:10:39 ad1 named[607]: samba_dlz: cancelling transaction on
> zone kch.remel.lan
> 
> why it can deny transaction?

This bit is easy, as I said, the script is failing, the above is from
when your clients try to update their own records and get denied.
You need to stop your clients trying to update their own records.

When it does work, you should see something like this in syslog:

May 18 06:32:28 member1 dhcpd: DHCPREQUEST for 192.168.0.118 from cc:4e:ec:e9:c8:d3 via eth0
May 18 06:32:28 member1 dhcpd: DHCPACK on 192.168.0.118 to cc:4e:ec:e9:c8:d3 via eth0
May 18 06:33:40 member1 dhcpd: Commit: IP: 192.168.0.164 DHCID: 1:1c:65:9d:9d:e6:94 Name: EAPDEV-PC
May 18 06:33:40 member1 dhcpd: execute_statement argv[0] = /etc/dhcp/bin/dhcp-dyndns.sh
May 18 06:33:40 member1 dhcpd: execute_statement argv[1] = add
May 18 06:33:40 member1 dhcpd: execute_statement argv[2] = 192.168.0.164
May 18 06:33:40 member1 dhcpd: execute_statement argv[3] = 1:1c:65:9d:9d:e6:94
May 18 06:33:40 member1 dhcpd: execute_statement argv[4] = EAPDEV-PC
May 18 06:33:40 member1 named[1980]: samba_dlz: starting transaction on zone samdom.example.com
May 18 06:33:40 member1 named[1980]: samba_dlz: allowing update of signer=dhcpduser\@SAMDOM.EXAMPLE.COM name=EAPDEV-PC.samdom.example.com tcpaddr=127.0.0.1 type=A key=3578045150.sig-member1.samdom.example.com/160/0
May 18 06:33:40 member1 named[1980]: samba_dlz: allowing update of signer=dhcpduser\@SAMDOM.EXAMPLE.COM name=EAPDEV-PC.samdom.example.com tcpaddr=127.0.0.1 type=A key=3578045150.sig-member1.samdom.example.com/160/0
May 18 06:33:40 member1 named[1980]: client 127.0.0.1#57668/key dhcpduser\@SAMDOM.EXAMPLE.COM: updating zone 'samdom.example.com/NONE': deleting rrset at 'EAPDEV-PC.samdom.example.com' A
May 18 06:33:40 member1 named[1980]: samba_dlz: subtracted rdataset EAPDEV-PC.samdom.example.com 'EAPDEV-PC.samdom.example.com.#0113600#011IN#011A#011192.168.0.164'
May 18 06:33:40 member1 named[1980]: client 127.0.0.1#57668/key dhcpduser\@SAMDOM.EXAMPLE.COM: updating zone 'samdom.example.com/NONE': adding an RR at 'EAPDEV-PC.samdom.example.com' A
May 18 06:33:40 member1 named[1980]: samba_dlz: added rdataset EAPDEV-PC.samdom.example.com 'EAPDEV-PC.samdom.example.com.#0113600#011IN#011A#011192.168.0.164'
May 18 06:33:40 member1 named[1980]: samba_dlz: committed transaction on zone samdom.example.com
May 18 06:33:40 member1 named[1980]: samba_dlz: starting transaction on zone 0.168.192.in-addr.arpa
May 18 06:33:40 member1 named[1980]: samba_dlz: allowing update of signer=dhcpduser\@SAMDOM.EXAMPLE.COM name=164.0.168.192.in-addr.arpa tcpaddr=127.0.0.1 type=PTR key=588484016.sig-member1.samdom.example.com/160/0
May 18 06:33:40 member1 named[1980]: samba_dlz: allowing update of signer=dhcpduser\@SAMDOM.EXAMPLE.COM name=164.0.168.192.in-addr.arpa tcpaddr=127.0.0.1 type=PTR key=588484016.sig-member1.samdom.example.com/160/0
May 18 06:33:40 member1 named[1980]: client 127.0.0.1#40979/key dhcpduser\@SAMDOM.EXAMPLE.COM: updating zone '0.168.192.in-addr.arpa/NONE': deleting rrset at '164.0.168.192.in-addr.arpa' PTR
May 18 06:33:40 member1 named[1980]: samba_dlz: subtracted rdataset 164.0.168.192.in-addr.arpa '164.0.168.192.in-addr.arpa.#0113600#011IN#011PTR#011EAPDEV-PC.samdom.example.com.'
May 18 06:33:40 member1 named[1980]: client 127.0.0.1#40979/key dhcpduser\@SAMDOM.EXAMPLE.COM: updating zone '0.168.192.in-addr.arpa/NONE': adding an RR at '164.0.168.192.in-addr.arpa' PTR
May 18 06:33:40 member1 named[1980]: samba_dlz: added rdataset 164.0.168.192.in-addr.arpa '164.0.168.192.in-addr.arpa.#0113600#011IN#011PTR#011EAPDEV-PC.samdom.example.com.'
May 18 06:33:40 member1 named[1980]: samba_dlz: committed transaction on zone 0.168.192.in-addr.arpa
May 18 06:33:40 member1 root: DHCP-DNS Update succeeded

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba