[Samba] Configure DHCP to update DNS records problem [FIXED]

Chris Nighswonger samba-list at foundations.edu
Wed Aug 2 18:46:19 UTC 2023 

In the off chance that someone else is in a position of forced usage of an older system, here is the solution that worked for me:

Change line 134 to read

KTYPE="--kerberos=yes"

I'm not a shell guru, but my guess is that something was choking on the space in "-k yes". Maybe due to age.

Thanks to Rowland for the script and for making me determined to make it work for my use-case.

Kind regards,
Chris


----- Original Message -----
From: "samba" <samba at lists.samba.org>
To: "samba" <samba at lists.samba.org>
Sent: Wednesday, August 2, 2023 12:14:58 PM
Subject: [Samba] Configure DHCP to update DNS records problem

Hello all,

After several days of working on this, I'm stuck. Hopefully someone can point out what I'm missing here. 

I'm working with this script to dynamically update my Samba AD DC DNS: 

https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records

Short of it: 

The script does not update the DNS records due to samba-tool failing for some unknown reason. 

Long of it: 

1. As seen below, the script runs as the dhcpd user. 
2. samba-tool executes fine using kerberos when su'ed as the dhcpd user. 
3. However, the samba-tool calls inside the script fail. 

Notes: 

1. I've added a few additional logger lines for my own debugging sanity. 
2. The DHCP server runs on a separate box from the AD DC server. 
3. I'm using a user map entry to map the AD user 'dhcpduser' to the system user 'dhcpd'. 

Version info: 

root at S1:/etc/dhcp (master)# lsb_release -a 
No LSB modules are available. 
Distributor ID: Ubuntu 
Description: Ubuntu 14.04.6 LTS 
Release: 14.04 
Codename: trusty 
root at S1:/etc/dhcp (master)# samba-tool -V 
4.3.11-Ubuntu 
root at S1:/etc/dhcp (master)# /usr/sbin/dhcpd --version 
isc-dhcpd-4.2.4 


Relevant syslog entries: 

Aug 2 10:22:53 S1 dhcpd: execute_statement argv[0] = /usr/local/bin/dhcp-dyndns.sh 
Aug 2 10:22:53 S1 dhcpd: execute_statement argv[1] = add 
Aug 2 10:22:53 S1 dhcpd: execute_statement argv[2] = 192.168.x.x 
Aug 2 10:22:53 S1 dhcpd: execute_statement argv[3] = b8:41:a4:xx:xx:xx 
Aug 2 10:22:53 S1 dhcpd: execute_statement argv[4] = iPhone 
Aug 2 10:22:54 S1 logger: 02-08-23 10:22:54 [dyndns] : Running check for valid kerberos ticket 
Aug 2 10:22:54 S1 logger: I am uid=105(dhcpd) gid=111(dhcpd) groups=111(dhcpd) 
Aug 2 10:22:54 S1 logger: /usr/bin/samba-tool dns query dc1.foo.bar foo.bar iPhone A -k yes 
Aug 2 10:22:55 S1 logger: Results: 0 
Aug 2 10:22:55 S1 logger: A_REC:
Aug 2 10:22:55 S1 logger: 'A' record changed, updating record. 
Aug 2 10:22:55 S1 logger: /usr/bin/samba-tool dns delete dc1.foo.bar foo.bar iPhone A -k yes 
Aug 2 10:22:55 S1 logger: /usr/bin/samba-tool dns add dc1.foo.bar foo.bar iPhone A 192.168.x.x -k yes 
Aug 2 10:22:56 S1 logger: /usr/bin/samba-tool dns zonelist dc1.foo.bar -k yes --reverse 
Aug 2 10:22:56 S1 logger: ReverseZones: 
Aug 2 10:22:57 S1 logger: No reverse zone found, not updating 
Aug 2 10:22:57 S1 logger: RESULTS: 2:2:0:0 
Aug 2 10:22:57 S1 logger: count: 1 
Aug 2 10:22:57 S1 logger: DHCP-DNS add failed: 2:2:0:0 
Aug 2 10:22:57 S1 dhcpd: execute: /usr/local/bin/dhcp-dyndns.sh exit status 256 


root at S1:/etc/dhcp (master)# ps -ef | egrep -i samba-tool 
dhcpd 13461 13460 0 10:21 ? 00:00:00 /usr/bin/python2.7 /usr/bin/samba-tool dns zonelist dc1.foo.bar -k yes --reverse 


root at S1:/etc/dhcp (master)# su dhcpd 
dhcpd at S1:/etc/dhcp$ id 
uid=105(dhcpd) gid=111(dhcpd) groups=111(dhcpd) 
dhcpd at S1:/etc/dhcp$ /usr/bin/python2.7 /usr/bin/samba-tool dns zonelist dc1.foo.bar -k yes --reverse 
6 zone(s) found 

pszZoneName : x.168.192.in-addr.arpa 
Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE 
ZoneType : DNS_ZONE_TYPE_PRIMARY 
Version : 50 
dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED 
pszDpFqdn : DomainDnsZones.foo.bar 

pszZoneName : x.168.192.in-addr.arpa 
Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE 
ZoneType : DNS_ZONE_TYPE_PRIMARY 
Version : 50 
dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED 
pszDpFqdn : DomainDnsZones.foo.bar 

pszZoneName : x.168.192.in-addr.arpa 
Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE 
ZoneType : DNS_ZONE_TYPE_PRIMARY 
Version : 50 
dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED 
pszDpFqdn : DomainDnsZones.foo.bar 

pszZoneName : x.168.192.in-addr.arpa 
Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE 
ZoneType : DNS_ZONE_TYPE_PRIMARY 
Version : 50 
dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED 
pszDpFqdn : DomainDnsZones.foo.bar 

pszZoneName : x.168.192.in-addr.arpa 
Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE 
ZoneType : DNS_ZONE_TYPE_PRIMARY 
Version : 50 
dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED 
pszDpFqdn : DomainDnsZones.foo.bar 

pszZoneName : x.168.192.in-addr.arpa 
Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE 
ZoneType : DNS_ZONE_TYPE_PRIMARY 
Version : 50 
dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED 
pszDpFqdn : DomainDnsZones.foo.bar 
dhcpd at S1:/etc/dhcp$ exit

Kind regards,
Chris

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list