Samba 4 and dhcp
Rowland Penny
repenny at f2s.com
Sat Dec 29 14:26:56 MST 2012
On 29/12/12 15:13, Rowland Penny wrote:
> On 29/12/12 14:45, Kai Blin wrote:
>>>>> With the internal server, you get nothing.
>>>> That's certainly not correct if you pick the correct log level.
>>> I was talking about the standard log level i.e. log level not set in
>>> smb.conf
>> On log level 0, only pretty catastrophic things should be logged,
>> otherwise the log would be quite large in seconds. I had a bunch of
>> logging output at log level 1 (which is what make test runs at), and
>> people bumped that up to even higher levels to get rid of the noise.
>>
>>>> However, I'm myself a bit confused at what log level to pick for what
>>>> level of output I want to log. And of course if you just use the
>>>> catch-all level 10, you do get a lot of stuff apart from the DNS
>>>> server,
>>>> which makes it hard to spot the correct output.
>>> er, if you are confused what log level to pick, someone who helped to
>>> write Samba, what hope do I have as just a mere user ;-)
>>> Also saying that you do get a lot of stuff is a slight understatement.
>> I'm interested in your proposed solution. How do I get more relevant
>> debugging info to the average user while not printing non-relevant info,
>> when the average user is interested in different output every time?
>>
>>>> Arguably even the log output given by the internal server isn't as
>>>> detailed as the log output in bind.
>>> No argument, using the standard log level gives you nothing from the
>>> internal DNS server, whilst bind is pretty vocal.
>> BIND is sort of a one-trick pony. It's pretty safe to assume that
>> everybody who runs BIND cares about DNS and would like to see DNS stuff
>> in the logs. I don't see the same happening for samba.
>>
>> Cheers,
>> Kai
>>
> Hi Kai, I can understand the problem, raising the log level to 10
> gives that much output, it is just not easily understood. How about a
> line that could be added to smb.conf that would turn on DNS output
> similar to bind9's output when dhcp updates the dns database. If the
> line is not in smb.conf you get no output, but if there is a problem
> you can add the line and get the relevant output in the log.
>
> Rowland
>
>
OK, I take it all back, it isn't working. If the computer isn't in the
dns database it gets added but when the lease expires it does not get
deleted and re-added, running my script manually returns '; TSIG error
with server: tsig verify failure'
If I turn on nsupdate debug, the script returns this:
Reply from SOA query:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14844
;; flags: qr aa ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;home.lan. IN SOA
;; ANSWER SECTION:
home.lan. 3600 IN SOA adserver.home.lan.
hostmaster.home.lan. 1 900 600 86400 0
Found zone name: home.lan
The master is: adserver.home.lan
start_gssrequest
send_gssrequest
recvmsg reply from GSS-TSIG query
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22124
;; flags: qr ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;1694549577.sig-adserver.home.lan. ANY TKEY
;; ANSWER SECTION:
1694549577.sig-adserver.home.lan. 0 ANY TKEY gss-tsig. 1356813879
1356813879 3 NOERROR 182
oYGzMIGwoAMKAQChCwYJKoZIhvcSAQICooGbBIGYYIGVBgkqhkiG9xIB
AgICAG+BhTCBgqADAgEFoQMCAQ+idjB0oAMCAReibQRrjJZe8bcYhgrN
vl+XupZWKTe2Tl2GL6ktgmzbQJgR75R57RMOYoTIeL3irYoeB2Oa+2Wh
Kr2s8Ukul6gcdXj7LFoPrWzSv3phjkpicsu4eDk4ek2zoVq7KcGGydZR
mfMea8fBj9rapCQ4vKc= 0
;; TSIG PSEUDOSECTION:
1694549577.sig-adserver.home.lan. 0 ANY TSIG gss-tsig. 1356813879
300 28 BAQF//////8AAAAAEheU02quJofYwNTwJtHX7g== 22124 NOERROR 0
Sending update to 192.168.0.10#53
; TSIG error with server: tsig verify failure
Reply from update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 23484
;; flags: qr ra; ZONE: 1, PREREQ: 0, UPDATE: 2, ADDITIONAL: 1
;; ZONE SECTION:
;home.lan. IN SOA
;; UPDATE SECTION:
testpc.home.lan. 0 ANY A
testpc.home.lan. 3600 IN A 192.168.0.199
;; TSIG PSEUDOSECTION:
1694549577.sig-adserver.home.lan. 0 ANY TSIG gss-tsig. 1356813879
300 28 BAQF//////8AAAAAEheU1PnizfZqib/GDHdhAg== 23484 NOERROR 0
dhcpd: Outgoing update query:
dhcpd: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22124
dhcpd: ;; flags:; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
dhcpd: ;; QUESTION SECTION:
dhcpd: ;1694549577.sig-adserver.home.lan. ANY TKEY
dhcpd:
dhcpd: ;; ADDITIONAL SECTION:
dhcpd: 1694549577.sig-adserver.home.lan. 0 ANY TKEY gss-tsig.
1356813879 1356813879 3 NOERROR 1276
YIIE+AYGKwYBBQUCoIIE7DCCBOigDTALBgkqhkiG9xIBAgKiggTVBIIE
0WCCBM0GCSqGSIb3EgECAgEAboIEvDCCBLigAwIBBaEDAgEOogcDBQAg
AAAAo4IDuGGCA7QwggOwoAMCAQWhChsISE9NRS5MQU6iIzAhoAMCAQGh
GjAYGwNETlMbEWFkc2VydmVyLmhvbWUubGFuo4IDdjCCA3KgAwIBF6ED
AgEBooIDZASCA2DVkAf04hh89dekV3nU1RH9yw2OrIr5ul8qedvCiMvN
dGM222DHIh5P3083S9zi8WnROXpHmjMxqk1a8btbbd6ELCY6lLCSCLR7
CBt1Rm181FKNDh4qvJZkVdBDgkI4dAQomINFI4fUB5bcanInbi7Ocnti
EEyIHosml1Qznn9/TxFLN/41jNaGqCNQI8SliIsM6lxjwL1owkhPWmzN
0oG0b0mx8v7o+eCr5lD2bl52ych7BsCFTkSP/kE5M8pOH0UnnPCgLwxZ
mIjybWjUudtpdMciKXCaEflPphm6flfWKWsGHTs58+DXdQVxq4x3tArK
xKlVCuOngbI4cNi3GZ1XPua3ATG47a82gdIadAB1Qm42M8drXVosVGzS
M9zbiMl/11UcXC3WIy/76HghTBKw76bL4inImH+pbfk2Yi3g0KZpkvgG
4yQNQTxi6SoBz137ds80Vlz4eNyHIO8iIW2XjtPtttzLi/+jweKnBOOv
s1dqsD5cF88ukJLnHH/jQohh3grODXBAbDNK38M+N12vMpOZq5MAOOd3
WWGT15qsLyGw9RP+B2Xl2QU7JeWpIHl4X0Ju035ogMyFBBNZfXRAdaPl
TPIMSov7+9trmLg3cPTEbt+1OoiD4BUViW3hMTF1CBz29lGOFdCuaS4N 9ABN6oArjJeVXNRuvQ1
dhcpd: y6OQBKZuXRTJh6UQbl5j0ifKl72AOOXtLdaZ7
7jgD1XUJ2BsaZm8maQuCz3qb9jJOHxlzJGAu7eFPs6smvI7zjuFNXt2m
NnXTKHgKFCdy7WVNz78vpvv+1sGgJw493tRZ1SbTihfcuMt/4coh7ri+
YBReCsfn0MN/5SsCQKyumP5hkMEZUaYDjxlKt8dMj5yFG3dCcUfhIR0/
5G7LUzTWZsek1fLNfcKg5v1XiwL6McgmCYik4BbSswNEGz8nnCdWxQFV
jfSrydIoZ9Br6u4J2aSx+N4NfAIId0zwcH0q2z51TAztFzgFAdgGlOQZ
E/adVM10dK9KQjpLRvQ03SfVOA8cD1Ae8K7rwjyuwuHoT4u4T8RFI7TY
Bo/emUiRG4vWuhXxW/LGjctuhlzummWRTzx1h/bLa7tDlpJDq+br0PSs
+4AX3Km8LAs3iYVevK5Q5nCM85tLYyy1jsW0rzzC/+W8EuGkgeYwgeOg
AwIBF6KB2wSB2N6tgCbZBUaEuCDUmpRzmaII0G/QPQx2kl0MJnkXgAik
Qg3tT0cyxP6SQ7sJ7ohr9ZNIYyWqA52JR/+PSBDwuyqDEKehz2uoOE/s
ori1ityDO0wRkLFjSf70vB1it7HsDOgk38fCQpC+t+73Zf2ArN0Zct5l
dJ9sRr+RjJv0wMzChc7ocyS83ozgN8p9F0FqHHAMTOOSVTQY28DJ/mVu
AISNY+e9ZlF5aL2DcetzIgoapwQydENwIg5Qa9RYWTeB7uPdMY/ku4FA
fAZE2WWOHTp58Fq2UUVLEQ== 0
dhcpd:
dhcpd: Outgoing update query:
dhcpd: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 23484
dhcpd: ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 2, ADDITIONAL: 1
dhcpd: ;; ZONE SECTION:
dhcpd: ;home.lan. IN SOA
dhcpd:
dhcpd: ;; UPDATE SECTION:
dhcpd: testpc.home.lan. 0 ANY A
dhcpd: testpc.home.lan. 3600 IN A 192.168.0.199
dhcpd:
dhcpd: ;; TSIG PSEUDOSECTION:
dhcpd: 1694549577.sig-adserver.home.lan. 0 ANY TSIG gss-tsig.
1356813879 300 28 BAQE//////8AAAAAMIummHACwROSDTBjL2SewQ== 23484 NOERROR 0
dhcpd:
Reply from SOA query:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44775
;; flags: qr aa ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;0.168.192.in-addr.arpa. IN SOA
;; ANSWER SECTION:
0.168.192.in-addr.arpa. 3600 IN SOA adserver.home.lan.
hostmaster.home.lan. 2 900 600 86400 3600
Found zone name: 0.168.192.in-addr.arpa
The master is: adserver.home.lan
start_gssrequest
send_gssrequest
recvmsg reply from GSS-TSIG query
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46651
;; flags: qr ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;739911327.sig-adserver.home.lan. ANY TKEY
;; ANSWER SECTION:
739911327.sig-adserver.home.lan. 0 ANY TKEY gss-tsig. 1356813880
1356813880 3 NOERROR 182
oYGzMIGwoAMKAQChCwYJKoZIhvcSAQICooGbBIGYYIGVBgkqhkiG9xIB
AgICAG+BhTCBgqADAgEFoQMCAQ+idjB0oAMCAReibQRrcrBW78zZ6iZh
73lY0kEX4H7pBQn+XFaZO3YmOwG3GflAA2qVluRT2L3Mo29xmMwKzYCz
Q1B6MII0z/Sf+Z3mS5xv5xQydUViYp+YYem2r9vTKCzccD+n71jcB9ZR
4JuLDoyXwf43WxyXAkU= 0
;; TSIG PSEUDOSECTION:
739911327.sig-adserver.home.lan. 0 ANY TSIG gss-tsig. 1356813880
300 28 BAQF//////8AAAAACfdmoXwlBgPg3YEI+rD4vw== 46651 NOERROR 0
Sending update to 192.168.0.10#53
; TSIG error with server: tsig verify failure
Reply from update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 25399
;; flags: qr ra; ZONE: 1, PREREQ: 0, UPDATE: 2, ADDITIONAL: 1
;; ZONE SECTION:
;0.168.192.in-addr.arpa. IN SOA
;; UPDATE SECTION:
199.0.168.192.in-addr.arpa. 0 ANY PTR
199.0.168.192.in-addr.arpa. 3600 IN PTR testpc.home.lan.
;; TSIG PSEUDOSECTION:
739911327.sig-adserver.home.lan. 0 ANY TSIG gss-tsig. 1356813880
300 28 BAQF//////8AAAAACfdmonZDMZhNsV+Inafpqg== 25399 NOERROR 0
dhcpd: Outgoing update query:
dhcpd: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46651
dhcpd: ;; flags:; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
dhcpd: ;; QUESTION SECTION:
dhcpd: ;739911327.sig-adserver.home.lan. ANY TKEY
dhcpd:
dhcpd: ;; ADDITIONAL SECTION:
dhcpd: 739911327.sig-adserver.home.lan. 0 ANY TKEY gss-tsig.
1356813880 1356813880 3 NOERROR 1276
YIIE+AYGKwYBBQUCoIIE7DCCBOigDTALBgkqhkiG9xIBAgKiggTVBIIE
0WCCBM0GCSqGSIb3EgECAgEAboIEvDCCBLigAwIBBaEDAgEOogcDBQAg
AAAAo4IDuGGCA7QwggOwoAMCAQWhChsISE9NRS5MQU6iIzAhoAMCAQGh
GjAYGwNETlMbEWFkc2VydmVyLmhvbWUubGFuo4IDdjCCA3KgAwIBF6ED
AgEBooIDZASCA2DVkAf04hh89dekV3nU1RH9yw2OrIr5ul8qedvCiMvN
dGM222DHIh5P3083S9zi8WnROXpHmjMxqk1a8btbbd6ELCY6lLCSCLR7
CBt1Rm181FKNDh4qvJZkVdBDgkI4dAQomINFI4fUB5bcanInbi7Ocnti
EEyIHosml1Qznn9/TxFLN/41jNaGqCNQI8SliIsM6lxjwL1owkhPWmzN
0oG0b0mx8v7o+eCr5lD2bl52ych7BsCFTkSP/kE5M8pOH0UnnPCgLwxZ
mIjybWjUudtpdMciKXCaEflPphm6flfWKWsGHTs58+DXdQVxq4x3tArK
xKlVCuOngbI4cNi3GZ1XPua3ATG47a82gdIadAB1Qm42M8drXVosVGzS
M9zbiMl/11UcXC3WIy/76HghTBKw76bL4inImH+pbfk2Yi3g0KZpkvgG
4yQNQTxi6SoBz137ds80Vlz4eNyHIO8iIW2XjtPtttzLi/+jweKnBOOv
s1dqsD5cF88ukJLnHH/jQohh3grODXBAbDNK38M+N12vMpOZq5MAOOd3
WWGT15qsLyGw9RP+B2Xl2QU7JeWpIHl4X0Ju035ogMyFBBNZfXRAdaPl
TPIMSov7+9trmLg3cPTEbt+1OoiD4BUViW3hMTF1CBz29lGOFdCuaS4N
9ABN6oArjJeVXNRuvQ1y
dhcpd: 6OQBKZuXRTJh6UQbl5j0ifKl72AOOXtLdaZ7
7jgD1XUJ2BsaZm8maQuCz3qb9jJOHxlzJGAu7eFPs6smvI7zjuFNXt2m
NnXTKHgKFCdy7WVNz78vpvv+1sGgJw493tRZ1SbTihfcuMt/4coh7ri+
YBReCsfn0MN/5SsCQKyumP5hkMEZUaYDjxlKt8dMj5yFG3dCcUfhIR0/
5G7LUzTWZsek1fLNfcKg5v1XiwL6McgmCYik4BbSswNEGz8nnCdWxQFV
jfSrydIoZ9Br6u4J2aSx+N4NfAIId0zwcH0q2z51TAztFzgFAdgGlOQZ
E/adVM10dK9KQjpLRvQ03SfVOA8cD1Ae8K7rwjyuwuHoT4u4T8RFI7TY
Bo/emUiRG4vWuhXxW/LGjctuhlzummWRTzx1h/bLa7tDlpJDq+br0PSs
+4AX3Km8LAs3iYVevK5Q5nCM85tLYyy1jsW0rzzC/+W8EuGkgeYwgeOg
AwIBF6KB2wSB2LlTgjRrDfEg8ILKgMD+I654/dQScQPPnidh5+EOsmLJ
YKONRUSM2vltBadNQP5pAYkHiOv88FZfhHj441gHL+idzVXj4IP4Pisl
qcnB8t8V2+3Iy908/1K2Lb+XLztjb0j8QuvH6qBPSjdKSRBSI6zpEFu8
/rY54oCNCjkmOgArW68gY0Xq2k9IqntPGl7EC7e/C2VhdfByVJMkuCOv
3gca42MuiRqfjVSBYqdmrU+5C25zwsFe86znKEIaNdapw74/SybhVjt+
XNh1r3pkAETIVJ1O93ODXA== 0
dhcpd:
dhcpd: Outgoing update query:
dhcpd: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 25399
dhcpd: ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 2, ADDITIONAL: 1
dhcpd: ;; ZONE SECTION:
dhcpd: ;0.168.192.in-addr.arpa. IN SOA
dhcpd:
dhcpd: ;; UPDATE SECTION:
dhcpd: 199.0.168.192.in-addr.arpa. 0 ANY PTR
dhcpd: 199.0.168.192.in-addr.arpa. 3600 IN PTR testpc.home.lan.
dhcpd:
dhcpd: ;; TSIG PSEUDOSECTION:
dhcpd: 739911327.sig-adserver.home.lan. 0 ANY TSIG gss-tsig.
1356813880 300 28 BAQE//////8AAAAAGRNhQSk3XtQ3kMTr9EN3kA== 25399 NOERROR 0
dhcpd:
dhcpd: DDNS: adding records for 192.168.0.199 <testpc.home.lan> succeeded
There are definite tsig errors but the host gets added, but once added
that is it, it cannot be deleted & re-added because, I presume, of the
tsig error.
Help, where do I go from here.
Rowland
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the samba-technical
mailing list