Web lists-archives.com

Re: [Samba] DHCP-DNS problems




On Tue, 2 Jan 2018 15:11:59 +0000
Kristján Valur Jónsson <kristjan@xxxxxx> wrote:

> Here are log files from my two DCs that are set up in redundant DHCP
> mode. One of them is running with the -v flag in dhcp-dyndns, hence
> is much more verbose.
> dc02 is the primary, dc03 is secondary
> log_dc02, log_dc03, show a failed dyndns session from Fridriks_iphone.
> 
> After restarting named (systemctl restart bind), there is a
> successful dhcp from my Redmi phone, in log2_dc02, log2_dc03
> 
> See anything?
> 
> 
> On 18 December 2017 at 17:42, Rowland Penny via samba
> <samba@xxxxxxxxxxxxxxx
> > wrote:
> 
> > On Mon, 18 Dec 2017 17:24:18 +0000
> > Kristján Valur Jónsson via samba <samba@xxxxxxxxxxxxxxx> wrote:
> >
> > > On 18 December 2017 at 16:20, Rowland Penny via samba
> > > <samba@xxxxxxxxxxxxxxx
> > > > wrote:
> > >
> > > >
> > > >
> > > > Even this looks wrong, I would expect something like this:
> > > >
> > > > Dec 18 07:43:59 dc3 dhcpd: DHCPREQUEST for 192.168.0.111 from
> > > > cc:4e:ec:e9:c8:d3 via eth0
> > > > Dec 18 07:43:59 dc3 dhcpd: DHCPACK on 192.168.0.111 to
> > > > cc:4e:ec:e9:c8:d3 via eth0
> > > > Dec 18 07:47:33 dc3 dhcpd: Commit: IP: 192.168.0.88 DHCID:
> > > > 1:ec:8:6b:c:cb:c2 Name: devstation
> > > > Dec 18 07:47:33 dc3 dhcpd: execute_statement argv[0] =
> > > > /usr/local/bin/dhcp-dyndns.sh
> > > > Dec 18 07:47:33 dc3 dhcpd: execute_statement argv[1] = add
> > > > Dec 18 07:47:33 dc3 dhcpd: execute_statement argv[2] =
> > > > 192.168.0.88 Dec 18 07:47:33 dc3 dhcpd: execute_statement
> > > > argv[3] = 1:ec:8:6b:c:cb:c2 Dec 18 07:47:33 dc3 dhcpd:
> > > > execute_statement argv[4] = devstation Dec 18 07:47:33 dc3
> > > > named[22890]: samba_dlz: starting transaction on zone
> > > > samdom.example.com
> > > >
> > > > You don't seem to have the lines that contain the required info.
> > > >
> > > Yes, funny it doesn't show up in /var/log/messages, but journalctl
> > > shows it.
> >
> > If that is the case, then I will not fix the logging, it works on my
> > computer.
> >
> > > Here is an equivalent output:
> > > Dec 18 14:45:20 dc02.rv
> > >
> > > Dec 18 14:45:28 dc02.rvx.is dhcpd[318]: Commit: IP: 192.168.62.107
> > > DHCID: 1:a0:ce:c8:e:35:7c Name: Dadis-MBP
> > > Dec 18 14:45:28 dc02.rvx.is dhcpd[318]: execute_statement argv[0]
> > > = /usr/local/bin/dhcp-dyndns.sh
> > > Dec 18 14:45:28 dc02.rvx.is dhcpd[318]: execute_statement argv[1]
> > > = add Dec 18 14:45:28 dc02.rvx.is dhcpd[318]: execute_statement
> > > argv[2] = 192.168.62.107
> > > Dec 18 14:45:28 dc02.rvx.is dhcpd[318]: execute_statement argv[3]
> > > = 1:a0:ce:c8:e:35:7c
> > > Dec 18 14:45:28 dc02.rvx.is dhcpd[318]: execute_statement argv[4]
> > > = Dadis-MBP
> > > Dec 18 14:45:29 dc02.rvx.is dhcpd[318]: domain is rvx.is
> > > Dec 18 14:45:29 dc02.rvx.is dhcpd[318]: doing add
> > > Dec 18 14:45:30 dc02.rvx.is dhcpd[318]: update failed: NOTAUTH
> > > Dec 18 14:45:30 dc02.rvx.is dhcpd[318]: update failed: NOTAUTH
> > > Dec 18 14:45:30 dc02.rvx.is logger[15729]: DHCP-DNS Update
> > > failed: 22 Dec 18 14:45:30 dc02.rvx.is dhcpd[318]: execute:
> > > /usr/local/bin/dhcp-dyndns.sh exit status 5632
> > > Dec 18 14:45:30 dc02.rvx.is dhcpd[318]: DHCPREQUEST for
> > > 192.168.62.107 from a0:ce:c8:0e:35:7c (Dadis-MBP) via
> > > 192.168.62.254 Dec 18 14:45:30 dc02.rvx.is dhcpd[318]: DHCPACK on
> > > 192.168.62.107 to a0:ce:c8:0e:35:7c (Dadis-MBP) via 192.168.62.254
> > > Dec 18 14:45:48 dc02.rvx.is named[332]: validating @0x6dbff148:
> > > paypal.adtag.where.com A: no valid signature found
> > > Dec 18 14:46:46 dc02.rvx.is named[332]: validating @0x6dc25158:
> > > crl.pki.goog A: no valid signature found
> > > Dec 18 14:47:54 dc02.rvx.is samba[449]: [2017/12/18
> > > 14:47:54.504700,
> > > 0] ../source4/dsdb/dns/dns_update.c:290(dnsupdate_nameupdate_done)
> > > Dec 18 14:47:54 dc02.rvx.is
> > > samba[449]: ../source4/dsdb/dns/dns_update.c:290: Failed DNS
> > > update - with error code 110 Dec 18 14:49:01 dc02.rvx.is
> > > dhcpd[318]: Commit: IP: 192.168.62.107 DHCID: 1:a0:ce:c8:e:35:7c
> > > Name: Dadis-MBP Dec 18 14:49:01 dc02.rvx.is dhcpd[318]:
> > > execute_statement argv[0] = /usr/local/bin/dhcp-dyndns.sh
> > > Dec 18 14:49:01 dc02.rvx.is dhcpd[318]: execute_statement argv[1]
> > > = add Dec 18 14:49:01 dc02.rvx.is dhcpd[318]: execute_statement
> > > argv[2] = 192.168.62.107
> > > Dec 18 14:49:01 dc02.rvx.is dhcpd[318]: execute_statement argv[3]
> > > = 1:a0:ce:c8:e:35:7c
> > > Dec 18 14:49:01 dc02.rvx.is dhcpd[318]: execute_statement argv[4]
> > > = Dadis-MBP
> > > Dec 18 14:49:01 dc02.rvx.is dhcpd[318]: domain is rvx.is
> > > Dec 18 14:49:01 dc02.rvx.is dhcpd[318]: doing add
> > > Dec 18 14:49:02 dc02.rvx.is dhcpd[318]: update failed: NOTAUTH
> > > Dec 18 14:49:02 dc02.rvx.is named[332]: validating @0x6e5e4528:
> > > www.perforce.com A: no valid signature found
> > > Dec 18 14:49:02 dc02.rvx.is named[332]: validating @0x6dc28378:
> > > perforce.com A: no valid signature found
> > > Dec 18 14:49:02 dc02.rvx.is dhcpd[318]: update failed: NOTAUTH
> > > Dec 18 14:49:02 dc02.rvx.is logger[15810]: DHCP-DNS Update
> > > failed: 22 Dec 18 14:49:02 dc02.rvx.is dhcpd[318]: execute:
> > > /usr/local/bin/dhcp-dyndns.sh exit status 5632
> > >
> > >
> > >
> > > >
> > > > No, the script uses nsupdate to update the records in AD.
> > > >
> > > Aha, ok, then it makes sense that restarting named will fix it. It
> > > would appear that named goes into some sort of huff.
> > >
> > >
> > > >
> > > > Can you post (or send them to me direct), the script you are
> > > > using (yes, I know it is the on wiki, but I want to check
> > > > yours), your dhcpd.conf file and your named.conf file(s)
> > > >
> > > Sure.  This is a two-weeks-old setup, and like I said, it works
> > > initially, then gets into trouble..  I'll send you the config.
> >
> > Mine has worked for over 5 years ;-)
> > I will await the files.
> >
> > Rowland
> >
> >
> >
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> >
> 
> 
> 

OK, I have have looked at the logs you sent me, it looks like you have
a kerberos problem, can you post
your /etc/hosts, /etc/hostname, /etc/krb5.conf, /etc/dhcp/dhcpd.conf,
your named files and smb.conf file.

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba