[Samba] DDNS and DHCP problems
Sam
sr42354 at gmail.com
Tue Nov 17 15:31:06 UTC 2015
Another mistake: Louis's script ddns-kerberos-check.sh was not
running in the hourly.cron directory (I did a chmod 770 to resolve that).
To recall here what I did:
- I cloned the Windows 2000 server AD servers on a private network and I
migrated to samba4
- Meanwhile, users have continued to use the Windows 2000 AD servers on
the production network
- I replaced the production servers by samba4 servers from the private
network.
In fact, the computers that were online when we deleted the Windows 2000
AD servers are rejected.
If I try a computer created and joined in the new samba4 AD it's working
too.
Are there some things to set before replacing the old DCs? (like
shortening the lease times on the actual DHCP?)
Or must I restart the above migration procedure without leaving the
running windows 2000 servers for users during that time?
Here is the last extract of syslog :
*for a new linux client :*
Nov 17 13:43:59 S4 dhcpd: data: host_decl_name: not available
Nov 17 13:43:59 S4 dhcpd: execute_statement argv[0] =
/etc/dhcp/bin/dhcp-dyndns-debian.sh
Nov 17 13:43:59 S4 dhcpd: execute_statement argv[1] = add
Nov 17 13:43:59 S4 dhcpd: execute_statement argv[2] = 172.20.4.28
Nov 17 13:43:59 S4 dhcpd: execute_statement argv[3] = dhcp-172-20-4-28
Nov 17 13:43:59 S4 dhcpd: execute_statement argv[4] = 0:50:56:8f:6:f4
Nov 17 13:43:59 S4 dhcpd: DHCPREQUEST for 172.20.4.28 from
00:50:56:8f:06:f4 via eth0
Nov 17 13:43:59 S4 dhcpd: DHCPACK on 172.20.4.28 to 00:50:56:8f:06:f4
via eth0
Nov 17 13:43:59 S4 named[2309]: samba_dlz: starting transaction on zone
ariane.intra
Nov 17 13:43:59 S4 named[2309]: samba_dlz: allowing update of
signer=dhcpd-user\@ARIANE.INTRA name=dhcp-172-20-4-28.ariane.intra
tcpaddr=172.20.2.2 type=A key=1292405312.sig-s4.ariane.intra/160/0
Nov 17 13:43:59 S4 named[2309]: samba_dlz: allowing update of
signer=dhcpd-user\@ARIANE.INTRA name=dhcp-172-20-4-28.ariane.intra
tcpaddr=172.20.2.2 type=A key=1292405312.sig-s4.ariane.intra/160/0
Nov 17 13:43:59 S4 named[2309]: client 172.20.2.2#48911: updating zone
'ariane.intra/NONE': deleting rrset at 'dhcp-172-20-4-28.ariane.intra' A
Nov 17 13:43:59 S4 named[2309]: samba_dlz: subtracted rdataset
dhcp-172-20-4-28.ariane.intra
'dhcp-172-20-4-28.ariane.intra.#0113600#011IN#011A#011172.20.4.28'
Nov 17 13:43:59 S4 named[2309]: client 172.20.2.2#48911: updating zone
'ariane.intra/NONE': adding an RR at 'dhcp-172-20-4-28.ariane.intra' A
Nov 17 13:43:59 S4 named[2309]: samba_dlz: added rdataset
dhcp-172-20-4-28.ariane.intra
'dhcp-172-20-4-28.ariane.intra.#0113600#011IN#011A#011172.20.4.28'
Nov 17 13:43:59 S4 named[2309]: samba_dlz: committed transaction on zone
ariane.intra
Nov 17 13:43:59 S4 named[2309]: samba_dlz: starting transaction on zone
4.20.172.in-addr.arpa
Nov 17 13:43:59 S4 named[2309]: samba_dlz: allowing update of
signer=dhcpd-user\@ARIANE.INTRA name=28.4.20.172.in-addr.arpa
tcpaddr=172.20.2.2 type=PTR key=2742923346.sig-s4.ariane.intra/160/0
Nov 17 13:43:59 S4 named[2309]: samba_dlz: allowing update of
signer=dhcpd-user\@ARIANE.INTRA name=28.4.20.172.in-addr.arpa
tcpaddr=172.20.2.2 type=PTR key=2742923346.sig-s4.ariane.intra/160/0
Nov 17 13:43:59 S4 named[2309]: client 172.20.2.2#55304: updating zone
'4.20.172.in-addr.arpa/NONE': deleting rrset at
'28.4.20.172.in-addr.arpa' PTR
Nov 17 13:43:59 S4 named[2309]: samba_dlz: subtracted rdataset
28.4.20.172.in-addr.arpa
'28.4.20.172.in-addr.arpa.#0113600#011IN#011PTR#011dhcp-172-20-4-28.ariane.intra.'
Nov 17 13:43:59 S4 named[2309]: client 172.20.2.2#55304: updating zone
'4.20.172.in-addr.arpa/NONE': adding an RR at '28.4.20.172.in-addr.arpa' PTR
Nov 17 13:43:59 S4 named[2309]: samba_dlz: added rdataset
28.4.20.172.in-addr.arpa
'28.4.20.172.in-addr.arpa.#0113600#011IN#011PTR#011dhcp-172-20-4-28.ariane.intra.'
Nov 17 13:43:59 S4 named[2309]: samba_dlz: committed transaction on zone
4.20.172.in-addr.arpa
Nov 17 13:43:59 S4 dhcpd: DDNS: adding records for 172.20.4.28
(dhcp-172-20-4-28.ariane.intra) succeeded
*For a new win7 client:*
Nov 17 14:10:38 S4 dhcpd: execute_statement argv[0] =
/etc/dhcp/bin/dhcp-dyndns-debian.sh
Nov 17 14:10:38 S4 dhcpd: execute_statement argv[1] = add
Nov 17 14:10:38 S4 dhcpd: execute_statement argv[2] = 172.20.4.1
Nov 17 14:10:38 S4 dhcpd: execute_statement argv[3] = client7-PC
Nov 17 14:10:38 S4 dhcpd: execute_statement argv[4] = 0:50:56:8f:18:c0
Nov 17 14:10:38 S4 dhcpd: DHCPREQUEST for 172.20.4.1 from
00:50:56:8f:18:c0 (client7-PC) via eth0
Nov 17 14:10:38 S4 dhcpd: DHCPACK on 172.20.4.1 to 00:50:56:8f:18:c0
(client7-PC) via eth0
Nov 17 14:10:38 S4 named[2309]: samba_dlz: starting transaction on zone
ariane.intra
Nov 17 14:10:38 S4 named[2309]: samba_dlz: disallowing update of
signer=dhcpd-user\@ARIANE.INTRA name=client7-PC.ariane.intra type=A
error=insufficient access rights
Nov 17 14:10:38 S4 named[2309]: client 172.20.2.2#49326: updating zone
'ariane.intra/NONE': update failed: rejected by secure update (REFUSED)
Nov 17 14:10:38 S4 named[2309]: samba_dlz: cancelling transaction on
zone ariane.intra
Nov 17 14:10:38 S4 named[2309]: samba_dlz: starting transaction on zone
ariane.intra
Nov 17 14:10:38 S4 named[2309]: client 172.20.4.1#60306: update
'ariane.intra/IN' denied
Nov 17 14:10:38 S4 named[2309]: samba_dlz: cancelling transaction on
zone ariane.intra
Nov 17 14:10:38 S4 named[2309]: samba_dlz: starting transaction on zone
4.20.172.in-addr.arpa
Nov 17 14:10:38 S4 named[2309]: samba_dlz: allowing update of
signer=dhcpd-user\@ARIANE.INTRA name=1.4.20.172.in-addr.arpa
tcpaddr=172.20.2.2 type=PTR key=3681185047.sig-s4.ariane.intra/160/0
Nov 17 14:10:38 S4 named[2309]: samba_dlz: allowing update of
signer=dhcpd-user\@ARIANE.INTRA name=1.4.20.172.in-addr.arpa
tcpaddr=172.20.2.2 type=PTR key=3681185047.sig-s4.ariane.intra/160/0
Nov 17 14:10:38 S4 named[2309]: client 172.20.2.2#35232: updating zone
'4.20.172.in-addr.arpa/NONE': deleting rrset at
'1.4.20.172.in-addr.arpa' PTR
Nov 17 14:10:38 S4 named[2309]: samba_dlz: subtracted rdataset
1.4.20.172.in-addr.arpa
'1.4.20.172.in-addr.arpa.#0113600#011IN#011PTR#011client7-PC.ariane.intra.'
Nov 17 14:10:38 S4 named[2309]: samba_dlz: starting transaction on zone
ariane.intra
Nov 17 14:10:38 S4 named[2309]: samba_dlz: transaction already started
for zone ariane.intra
Nov 17 14:10:38 S4 named[2309]: sdlz newversion on origin ariane.intra
failed : failure
Nov 17 14:10:38 S4 named[2309]: client 172.20.2.2#35232: updating zone
'4.20.172.in-addr.arpa/NONE': adding an RR at '1.4.20.172.in-addr.arpa' PTR
Nov 17 14:10:38 S4 named[2309]: samba_dlz: added rdataset
1.4.20.172.in-addr.arpa
'1.4.20.172.in-addr.arpa.#0113600#011IN#011PTR#011client7-PC.ariane.intra.'
Nov 17 14:10:38 S4 named[2309]: samba_dlz: committed transaction on zone
4.20.172.in-addr.arpa
Nov 17 14:10:38 S4 dhcpd: DDNS: adding records for 172.20.4.1
(client7-PC.ariane.intra) FAILED: nsupdate status 2
Nov 17 14:10:38 S4 named[2309]: samba_dlz: starting transaction on zone
ariane.intra
Nov 17 14:10:38 S4 named[2309]: client 172.20.4.1#51087: update
'ariane.intra/IN' denied
Nov 17 14:10:38 S4 named[2309]: samba_dlz: cancelling transaction on
zone ariane.intra
Nov 17 14:10:38 S4 named[2309]: samba_dlz: starting transaction on zone
ariane.intra
Nov 17 14:10:38 S4 named[2309]: samba_dlz: allowing update of
signer=client7-pc\$\@ARIANE.INTRA name=client7-PC.ariane.intra tcpaddr=
type=AAAA key=260-ms-7.2-1bcc44.6c4f03db-8d28-11e5-ab9f-0050568f18c0/160/0
Nov 17 14:10:38 S4 named[2309]: samba_dlz: allowing update of
signer=client7-pc\$\@ARIANE.INTRA name=client7-PC.ariane.intra tcpaddr=
type=A key=260-ms-7.2-1bcc44.6c4f03db-8d28-11e5-ab9f-0050568f18c0/160/0
Nov 17 14:10:38 S4 named[2309]: samba_dlz: allowing update of
signer=client7-pc\$\@ARIANE.INTRA name=client7-PC.ariane.intra tcpaddr=
type=A key=260-ms-7.2-1bcc44.6c4f03db-8d28-11e5-ab9f-0050568f18c0/160/0
Nov 17 14:10:38 S4 named[2309]: client 172.20.4.1#60224: updating zone
'ariane.intra/NONE': deleting rrset at 'client7-PC.ariane.intra' AAAA
Nov 17 14:10:38 S4 named[2309]: client 172.20.4.1#60224: updating zone
'ariane.intra/NONE': deleting rrset at 'client7-PC.ariane.intra' A
Nov 17 14:10:38 S4 named[2309]: samba_dlz: subtracted rdataset
client7-PC.ariane.intra
'client7-PC.ariane.intra.#0111200#011IN#011A#011172.20.4.1'
Nov 17 14:10:38 S4 named[2309]: client 172.20.4.1#60224: updating zone
'ariane.intra/NONE': adding an RR at 'client7-PC.ariane.intra' A
Nov 17 14:10:38 S4 named[2309]: samba_dlz: added rdataset
client7-PC.ariane.intra
'client7-PC.ariane.intra.#0111200#011IN#011A#011172.20.4.1'
Nov 17 14:10:38 S4 named[2309]: samba_dlz: committed transaction on zone
ariane.intra
Nov 17 14:10:38 S4 named[2309]: samba_dlz: starting transaction on zone
ariane.intra
Nov 17 14:10:38 S4 named[2309]: client 172.20.4.1#51226:
update 'ariane.intra/IN' denied
Nov 17 14:10:38 S4 named[2309]: samba_dlz: cancelling transaction on
zone ariane.intra
Nov 17 14:10:38 S4 named[2309]: samba_dlz: starting transaction on zone
ariane.intra
Nov 17 14:10:38 S4 named[2309]: samba_dlz: allowing update of
signer=client7-pc\$\@ARIANE.INTRA name=client7-PC.ariane.intra tcpaddr=
type=AAAA key=260-ms-7.2-1bcc44.6c4f03db-8d28-11e5-ab9f-0050568f18c0/160/0
Nov 17 14:10:38 S4 named[2309]: samba_dlz: allowing update of
signer=client7-pc\$\@ARIANE.INTRA name=client7-PC.ariane.intra tcpaddr=
type=A key=260-ms-7.2-1bcc44.6c4f03db-8d28-11e5-ab9f-0050568f18c0/160/0
Nov 17 14:10:38 S4 named[2309]: samba_dlz: allowing update of
signer=client7-pc\$\@ARIANE.INTRA name=client7-PC.ariane.intra tcpaddr=
type=A key=260-ms-7.2-1bcc44.6c4f03db-8d28-11e5-ab9f-0050568f18c0/160/0
Nov 17 14:10:38 S4 named[2309]: client 172.20.4.1#58165: updating zone
'ariane.intra/NONE': deleting rrset at 'client7-PC.ariane.intra' AAAA
Nov 17 14:10:38 S4 named[2309]: client 172.20.4.1#58165: updating zone
'ariane.intra/NONE': deleting rrset at 'client7-PC.ariane.intra' A
Nov 17 14:10:38 S4 named[2309]: samba_dlz: subtracted rdataset
client7-PC.ariane.intra
'client7-PC.ariane.intra.#0111200#011IN#011A#011172.20.4.1'
Nov 17 14:10:38 S4 named[2309]: client 172.20.4.1#58165: updating zone
'ariane.intra/NONE': adding an RR at 'client7-PC.ariane.intra' A
Nov 17 14:10:38 S4 named[2309]: samba_dlz: added rdataset
client7-PC.ariane.intra
'client7-PC.ariane.intra.#0111200#011IN#011A#011172.20.4.1'
Nov 17 14:10:38 S4 named[2309]: samba_dlz: committed transaction on zone
ariane.intra
Thanks all!
Sam
On 16/11/2015 19:12, Rowland Penny wrote:
> On 16/11/15 17:12, Sam wrote:
>> Hello all,
>>
>> I have two new samba4 servers, with isc-dhcp and Bind. (Thanks to
>> Louis's scripts)
>> The AD was migrated from 2 Windows 2000 servers last Friday, with a
>> copy of them in a private lan.
>> Today we have shut down the old Windows 2000 servers and put the 2 new
>> samba4 in place of them.
>> The problem is that the DHCP does not update the DNS systematically...
>> That works with laptops (which have not been connected to the lan
>> last week), but without reverse ptr too...
>>
>> I can see some error in the syslog file :
>> Nov 16 17:19:39 S4 named[2269]: samba_dlz b9_format: unhandled record
>> type 0
>> Nov 16 17:19:53 S4 named[2269]: samba_dlz: starting transaction on
>> zone ariane.intra
>> Nov 16 17:19:53 S4 named[2269]: client 172.21.37.104#51400: update
>> 'ariane.intra/IN' denied
>> Nov 16 17:19:53 S4 named[2269]: samba_dlz: cancelling transaction on
>> zone ariane.intra
>> Nov 16 17:19:53 S4 named[2269]: samba_dlz: starting transaction on
>> zone ariane.intra
>> Nov 16 17:19:53 S4 named[2269]: samba_dlz: disallowing update of
>> signer=l-s4gt963\$\@ARIANE.INTRA name=L-S4GT963.ariane.intra type=A
>> error=insufficient access rights
>> Nov 16 17:19:53 S4 named[2269]: client 172.21.37.104#50486: updating
>> zone 'ariane.intra/NONE': update failed: rejected by secure update
>> (REFUSED)
>> Nov 16 17:19:53 S4 named[2269]: samba_dlz: cancelling transaction on
>> zone ariane.intra
>>
>> I identified these potential mistakes and tried to resolve them without
>> better results:
>> - I was trying to update dns in server1 from the server2 dhcp
>> - In smb.conf I set allow dns updates = secure (and not nonsecure
>> and secure like in the samba wiki)
>>
>> Thanks for helping!
>> Best regards.
>>
>> Sam
>
> It looks to me as if your windows clients are trying to update their
> own records, there is a GPO to stop this.
> You should run dhcp and bind on the same DC. You do not need to change
> anything in smb.conf if your setup is correct.
>
> Rowland
>
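
Added example, not part of the original thread: a Python sketch that groups the samba_dlz allow/deny decisions by record and reports records refused for one signer but accepted for another, which is the pattern visible for client7-PC in the extract above. The sample lines are constructed by unwrapping lines from this thread; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Matches the samba_dlz access-decision lines seen in the syslog extracts.
DECISION = re.compile(
    r"samba_dlz: (?P<verdict>allowing|disallowing) update of "
    r"signer=(?P<signer>\S+) name=(?P<name>\S+) .*?type=(?P<rtype>\S+)"
)

# Constructed sample: unwrapped lines modelled on the extracts in this thread.
SAMPLE = r"""
Nov 17 13:43:59 S4 named[2309]: samba_dlz: allowing update of signer=dhcpd-user\@ARIANE.INTRA name=dhcp-172-20-4-28.ariane.intra tcpaddr=172.20.2.2 type=A key=1292405312.sig-s4.ariane.intra/160/0
Nov 17 14:10:38 S4 named[2309]: samba_dlz: disallowing update of signer=dhcpd-user\@ARIANE.INTRA name=client7-PC.ariane.intra type=A error=insufficient access rights
Nov 17 14:10:38 S4 named[2309]: samba_dlz: allowing update of signer=dhcpd-user\@ARIANE.INTRA name=1.4.20.172.in-addr.arpa tcpaddr=172.20.2.2 type=PTR key=3681185047.sig-s4.ariane.intra/160/0
Nov 17 14:10:38 S4 named[2309]: samba_dlz: allowing update of signer=client7-pc\$\@ARIANE.INTRA name=client7-PC.ariane.intra tcpaddr= type=A key=260-ms-7.2-1bcc44.6c4f03db-8d28-11e5-ab9f-0050568f18c0/160/0
""".strip().splitlines()


def summarize(lines):
    """Group decisions per (record name, type): which signers were allowed or denied."""
    seen = defaultdict(lambda: {"allowing": set(), "disallowing": set()})
    for line in lines:
        m = DECISION.search(line)
        if not m:
            continue  # not an access decision (transaction start/commit, dhcpd, ...)
        # Drop the syslog escaping of '$' and '@' and fold case for comparison.
        signer = m["signer"].replace("\\", "").lower()
        seen[(m["name"].lower(), m["rtype"])][m["verdict"]].add(signer)
    return seen


def owner_conflicts(seen):
    """Records refused for one signer but accepted for a different one."""
    out = {}
    for key, v in seen.items():
        others = v["allowing"] - v["disallowing"]
        if v["disallowing"] and others:
            out[key] = {"denied": sorted(v["disallowing"]), "allowed": sorted(others)}
    return out


if __name__ == "__main__":
    for (name, rtype), v in owner_conflicts(summarize(SAMPLE)).items():
        print(f"{name} {rtype}: denied {v['denied']}, allowed {v['allowed']}")
```

A record listed here is one the DHCP service account was refused on while the machine account was accepted, which matches Rowland's remark that the Windows clients are updating their own records.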