Samba 4 and dhcp

Rowland Penny repenny at f2s.com
Fri Dec 28 05:54:51 MST 2012


On 26/12/12 10:17, Andrew Bartlett wrote:
> On Wed, 2012-12-26 at 10:06 +0000, Rowland Penny wrote:
>> On 26/12/12 09:37, Andrew Bartlett wrote:
>>> On Thu, 2012-12-20 at 15:53 +0000, Rowland Penny wrote:
>>>> Hi, I am having problems with the Samba 4 internal DNS server & DHCP,
>>>> basically it has stopped working. It was working ok on RC5 and when I
>>>> upgraded to the release version it stopped working. By checking the logs
>>>> and running my script by hand, I get the following error:
>>>> TSIG error with server: tsig verify failure
>>>> I get the same error if I run nsupdate directly.
>>>>
>>>> Is this due to the same reason that requires the adding of
>>>> 'acl:search=false' to /usr/local/samba/etc/smb.conf? If so, then adding it
>>>> does not work for me, I have added it and restarted samba4 several times to
>>>> no effect, I have also upgraded to version 4.1.0pre1-GIT-d846199 and it
>>>> still does not work.
>>> Rowland,
>>>
>>> If you can find the revision that it breaks on (with git bisect) this
>>> would be very, very helpful.
>>>
>>> We are aware that there are issues with TSIG (a number of vague
>>> reports), but we have not pinned anything down yet.
>>>
>>> Andrew Bartlett
>>>
>> Hi Andrew, whilst I am quite prepared to start rolling things back, what
>> the heck is 'git bisect' and how do I do it?
>>
>> Rowland
> Grab the v4-0-test branch from git, and apply this tutorial to it:
>
> http://webchick.net/node/99
>
> With building Samba, it won't be 3 mins, but it will save you (and us) a
> lot of time compared with manually guessing.
>
> I realise this may be a lot of work, and we can probably also debug it
> directly, but this is something you can do on your own, if you have the
> time, energy and resources.
>
> Andrew Bartlett
>
OK, I tried to use git bisect, but wherever I started from, I couldn't
get samba4, dhcp and the update script to work correctly together, so I
started again.

The plan was to install RC4 and upgrade from there until it stopped
working, but when I tried to add the reverse zone, samba-tool just
errored out. Upgraded to RC5, samba-tool added the reverse zone but
wouldn't seem to add anything to the reverse zone.

So I went to plan B, do a fresh install of samba4.0.0 with bind 9.9.2.
This worked perfectly, so started again and re-installed samba4.0.0 but
this time using the internal DNS server, this again worked! So all I can
think of is that something went wrong when I initially upgraded from
one version to another, but what I do not know, because I cannot find
anything in the logs. It might help if the internal DNS server was a bit
more verbose, for instance with bind9 you get this in syslog when DHCP
updates the zones:

samba_dlz: starting transaction on zone home.lan
samba_dlz: allowing update of signer=dhcpduser\@HOME.LAN name=LinPad.home.lan tcpaddr=127.0.0.1 type=A key=3354811507.sig-adserver.home.lan/160/0
samba_dlz: allowing update of signer=dhcpduser\@HOME.LAN name=LinPad.home.lan tcpaddr=127.0.0.1 type=A key=3354811507.sig-adserver.home.lan/160/0
client 127.0.0.1#37442/key dhcpduser\@HOME.LAN: updating zone 'home.lan/NONE': deleting rrset at 'LinPad.home.lan' A
samba_dlz: subtracted rdataset LinPad.home.lan 'LinPad.home.lan.#0113600#011IN#011A#011192.168.0.173'
client 127.0.0.1#37442/key dhcpduser\@HOME.LAN: updating zone 'home.lan/NONE': adding an RR at 'LinPad.home.lan' A
samba_dlz: added rdataset LinPad.home.lan 'LinPad.home.lan.#0113600#011IN#011A#011192.168.0.173'
samba_dlz: committed transaction on zone home.lan
samba_dlz: starting transaction on zone 0.168.192.in-addr.arpa
samba_dlz: allowing update of signer=dhcpduser\@HOME.LAN name=173.0.168.192.in-addr.arpa tcpaddr=127.0.0.1 type=PTR key=1101022775.sig-adserver.home.lan/160/0
samba_dlz: allowing update of signer=dhcpduser\@HOME.LAN name=173.0.168.192.in-addr.arpa tcpaddr=127.0.0.1 type=PTR key=1101022775.sig-adserver.home.lan/160/0
client 127.0.0.1#59970/key dhcpduser\@HOME.LAN: updating zone '0.168.192.in-addr.arpa/NONE': deleting rrset at '173.0.168.192.in-addr.arpa' PTR
samba_dlz: subtracted rdataset 173.0.168.192.in-addr.arpa '173.0.168.192.in-addr.arpa.#0113600#011IN#011PTR#011LinPad.home.lan.'
client 127.0.0.1#59970/key dhcpduser\@HOME.LAN: updating zone '0.168.192.in-addr.arpa/NONE': adding an RR at '173.0.168.192.in-addr.arpa' PTR
samba_dlz: added rdataset 173.0.168.192.in-addr.arpa '173.0.168.192.in-addr.arpa.#0113600#011IN#011PTR#011LinPad.home.lan.'
samba_dlz: committed transaction on zone 0.168.192.in-addr.arpa

With the internal server, you get nothing.

Anyway it is now working again.

Rowland
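
Added example, not part of the original message and not Samba or BIND code: a small Python audit of the samba_dlz "allowing update" syslog entries quoted above, listing which signer updated which record and flagging updates from a signer or source address outside an allowlist. The allowlists and the last sample entry (otheruser, gw.home.lan, 192.0.2.10) are constructed for illustration.

```python
import re
from collections import Counter

# Fields are matched across \s+ so entries wrapped over several lines
# (as in the mail archive) are parsed the same as single-line syslog entries.
UPDATE_RE = re.compile(
    r"samba_dlz: allowing update of\s+signer=(?P<signer>\S+)\s+name=(?P<name>\S+)"
    r"\s+tcpaddr=(?P<tcpaddr>\S+)\s+type=(?P<type>\S+)\s+key=(?P<key>\S+)"
)

def parse_updates(log_text):
    """Return one dict per 'allowing update' entry, with the signer unescaped."""
    updates = []
    for m in UPDATE_RE.finditer(log_text):
        rec = m.groupdict()
        # The quoted log shows '@' in the signer escaped as '\@'.
        rec["signer"] = rec["signer"].replace("\\@", "@")
        updates.append(rec)
    return updates

def summarize(updates):
    """Count authorized updates per (signer, record name, record type)."""
    return Counter((u["signer"], u["name"], u["type"]) for u in updates)

def unexpected(updates, allowed_signers, allowed_sources):
    """Updates whose signer or source address is outside the allowlists."""
    return [u for u in updates
            if u["signer"] not in allowed_signers
            or u["tcpaddr"] not in allowed_sources]

# Constructed sample: the first entry copies the format quoted in the message
# (including its line wrapping); the last entry is invented for the example.
SAMPLE = r"""samba_dlz: starting transaction on zone home.lan
samba_dlz: allowing update of signer=dhcpduser\@HOME.LAN
name=LinPad.home.lan tcpaddr=127.0.0.1 type=A
key=3354811507.sig-adserver.home.lan/160/0
samba_dlz: committed transaction on zone home.lan
samba_dlz: allowing update of signer=otheruser\@HOME.LAN name=gw.home.lan tcpaddr=192.0.2.10 type=A key=1.sig-adserver.home.lan/160/0
"""

if __name__ == "__main__":
    ups = parse_updates(SAMPLE)
    for (signer, name, rtype), n in summarize(ups).items():
        print(f"{n}x {rtype:4} {name} signed by {signer}")
    # Assumed policy: only the DHCP update account, only from localhost.
    for u in unexpected(ups, {"dhcpduser@HOME.LAN"}, {"127.0.0.1"}):
        print("UNEXPECTED:", u["signer"], u["tcpaddr"], u["name"])
```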

