Samba 4 and dhcp
Rowland Penny
repenny at f2s.com
Mon Dec 31 04:45:37 MST 2012
On 29/12/12 21:26, Rowland Penny wrote:
> On 29/12/12 15:13, Rowland Penny wrote:
>> On 29/12/12 14:45, Kai Blin wrote:
>>>>>> With the internal server, you get nothing.
>>>>> That's certainly not correct if you pick the correct log level.
>>>> I was talking about the standard log level i.e. log level not set in
>>>> smb.conf
>>> On log level 0, only pretty catastrophic things should be logged,
>>> otherwise the log would be quite large in seconds. I had a bunch of
>>> logging output at log level 1 (which is what make test runs at), and
>>> people bumped that up to even higher levels to get rid of the noise.
>>>
>>>>> However, I'm myself a bit confused at what log level to pick for what
>>>>> level of output I want to log. And of course if you just use the
>>>>> catch-all level 10, you do get a lot of stuff apart from the DNS
>>>>> server,
>>>>> which makes it hard to spot the correct output.
>>>> er, if you are confused what log level to pick, someone who helped to
>>>> write Samba, what hope do I have as just a mere user ;-)
>>>> Also saying that you do get a lot of stuff is a slight understatement.
>>> I'm interested in your proposed solution. How do I get more relevant
>>> debugging info to the average user while not printing non-relevant
>>> info,
>>> when the average user is interested in different output every time?
>>>
>>>>> Arguably even the log output given by the internal server isn't as
>>>>> detailed as the log output in bind.
>>>> No argument, using the standard log level gives you nothing from the
>>>> internal DNS server, whilst bind is pretty vocal.
>>> BIND is sort of a one-trick pony. It's pretty safe to assume that
>>> everybody who runs BIND cares about DNS and would like to see DNS stuff
>>> in the logs. I don't see the same happening for samba.
>>>
>>> Cheers,
>>> Kai
>>>
>> Hi Kai, I can understand the problem, raising the log level to 10
>> gives that much output, it is just not easily understood. How about a
>> line that could be added to smb.conf that would turn on DNS output
>> similar to bind9's output when dhcp updates the dns database. If the
>> line is not in smb.conf you get no output, but if there is a problem
>> you can add the line and get the relevant output in the log.
>>
>> Rowland
>>
>>
>
> OK, I take it all back, it isn't working. If the computer isn't in the
> dns database it gets added but when the lease expires it does not get
> deleted and re-added, running my script manually returns '; TSIG error
> with server: tsig verify failure'
> If I turn on nsupdate debug, the script returns this:
>
> Reply from SOA query:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14844
> ;; flags: qr aa ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> ;; QUESTION SECTION:
> ;home.lan. IN SOA
>
> ;; ANSWER SECTION:
> home.lan. 3600 IN SOA adserver.home.lan.
> hostmaster.home.lan. 1 900 600 86400 0
>
> Found zone name: home.lan
> The master is: adserver.home.lan
> start_gssrequest
> send_gssrequest
> recvmsg reply from GSS-TSIG query
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22124
> ;; flags: qr ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
> ;; QUESTION SECTION:
> ;1694549577.sig-adserver.home.lan. ANY TKEY
>
> ;; ANSWER SECTION:
> 1694549577.sig-adserver.home.lan. 0 ANY TKEY gss-tsig.
> 1356813879 1356813879 3 NOERROR 182
> oYGzMIGwoAMKAQChCwYJKoZIhvcSAQICooGbBIGYYIGVBgkqhkiG9xIB
> AgICAG+BhTCBgqADAgEFoQMCAQ+idjB0oAMCAReibQRrjJZe8bcYhgrN
> vl+XupZWKTe2Tl2GL6ktgmzbQJgR75R57RMOYoTIeL3irYoeB2Oa+2Wh
> Kr2s8Ukul6gcdXj7LFoPrWzSv3phjkpicsu4eDk4ek2zoVq7KcGGydZR
> mfMea8fBj9rapCQ4vKc= 0
>
> ;; TSIG PSEUDOSECTION:
> 1694549577.sig-adserver.home.lan. 0 ANY TSIG gss-tsig.
> 1356813879 300 28 BAQF//////8AAAAAEheU02quJofYwNTwJtHX7g== 22124
> NOERROR 0
>
> Sending update to 192.168.0.10#53
> ; TSIG error with server: tsig verify failure
>
> Reply from update query:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 23484
> ;; flags: qr ra; ZONE: 1, PREREQ: 0, UPDATE: 2, ADDITIONAL: 1
> ;; ZONE SECTION:
> ;home.lan. IN SOA
>
> ;; UPDATE SECTION:
> testpc.home.lan. 0 ANY A
> testpc.home.lan. 3600 IN A 192.168.0.199
>
> ;; TSIG PSEUDOSECTION:
> 1694549577.sig-adserver.home.lan. 0 ANY TSIG gss-tsig.
> 1356813879 300 28 BAQF//////8AAAAAEheU1PnizfZqib/GDHdhAg== 23484
> NOERROR 0
>
> dhcpd: Outgoing update query:
> dhcpd: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22124
> dhcpd: ;; flags:; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
> dhcpd: ;; QUESTION SECTION:
> dhcpd: ;1694549577.sig-adserver.home.lan. ANY TKEY
> dhcpd:
> dhcpd: ;; ADDITIONAL SECTION:
> dhcpd: 1694549577.sig-adserver.home.lan. 0 ANY TKEY gss-tsig.
> 1356813879 1356813879 3 NOERROR 1276
> YIIE+AYGKwYBBQUCoIIE7DCCBOigDTALBgkqhkiG9xIBAgKiggTVBIIE
> 0WCCBM0GCSqGSIb3EgECAgEAboIEvDCCBLigAwIBBaEDAgEOogcDBQAg
> AAAAo4IDuGGCA7QwggOwoAMCAQWhChsISE9NRS5MQU6iIzAhoAMCAQGh
> GjAYGwNETlMbEWFkc2VydmVyLmhvbWUubGFuo4IDdjCCA3KgAwIBF6ED
> AgEBooIDZASCA2DVkAf04hh89dekV3nU1RH9yw2OrIr5ul8qedvCiMvN
> dGM222DHIh5P3083S9zi8WnROXpHmjMxqk1a8btbbd6ELCY6lLCSCLR7
> CBt1Rm181FKNDh4qvJZkVdBDgkI4dAQomINFI4fUB5bcanInbi7Ocnti
> EEyIHosml1Qznn9/TxFLN/41jNaGqCNQI8SliIsM6lxjwL1owkhPWmzN
> 0oG0b0mx8v7o+eCr5lD2bl52ych7BsCFTkSP/kE5M8pOH0UnnPCgLwxZ
> mIjybWjUudtpdMciKXCaEflPphm6flfWKWsGHTs58+DXdQVxq4x3tArK
> xKlVCuOngbI4cNi3GZ1XPua3ATG47a82gdIadAB1Qm42M8drXVosVGzS
> M9zbiMl/11UcXC3WIy/76HghTBKw76bL4inImH+pbfk2Yi3g0KZpkvgG
> 4yQNQTxi6SoBz137ds80Vlz4eNyHIO8iIW2XjtPtttzLi/+jweKnBOOv
> s1dqsD5cF88ukJLnHH/jQohh3grODXBAbDNK38M+N12vMpOZq5MAOOd3
> WWGT15qsLyGw9RP+B2Xl2QU7JeWpIHl4X0Ju035ogMyFBBNZfXRAdaPl
> TPIMSov7+9trmLg3cPTEbt+1OoiD4BUViW3hMTF1CBz29lGOFdCuaS4N
> 9ABN6oArjJeVXNRuvQ1
> dhcpd: y6OQBKZuXRTJh6UQbl5j0ifKl72AOOXtLdaZ7
> 7jgD1XUJ2BsaZm8maQuCz3qb9jJOHxlzJGAu7eFPs6smvI7zjuFNXt2m
> NnXTKHgKFCdy7WVNz78vpvv+1sGgJw493tRZ1SbTihfcuMt/4coh7ri+
> YBReCsfn0MN/5SsCQKyumP5hkMEZUaYDjxlKt8dMj5yFG3dCcUfhIR0/
> 5G7LUzTWZsek1fLNfcKg5v1XiwL6McgmCYik4BbSswNEGz8nnCdWxQFV
> jfSrydIoZ9Br6u4J2aSx+N4NfAIId0zwcH0q2z51TAztFzgFAdgGlOQZ
> E/adVM10dK9KQjpLRvQ03SfVOA8cD1Ae8K7rwjyuwuHoT4u4T8RFI7TY
> Bo/emUiRG4vWuhXxW/LGjctuhlzummWRTzx1h/bLa7tDlpJDq+br0PSs
> +4AX3Km8LAs3iYVevK5Q5nCM85tLYyy1jsW0rzzC/+W8EuGkgeYwgeOg
> AwIBF6KB2wSB2N6tgCbZBUaEuCDUmpRzmaII0G/QPQx2kl0MJnkXgAik
> Qg3tT0cyxP6SQ7sJ7ohr9ZNIYyWqA52JR/+PSBDwuyqDEKehz2uoOE/s
> ori1ityDO0wRkLFjSf70vB1it7HsDOgk38fCQpC+t+73Zf2ArN0Zct5l
> dJ9sRr+RjJv0wMzChc7ocyS83ozgN8p9F0FqHHAMTOOSVTQY28DJ/mVu
> AISNY+e9ZlF5aL2DcetzIgoapwQydENwIg5Qa9RYWTeB7uPdMY/ku4FA
> fAZE2WWOHTp58Fq2UUVLEQ== 0
> dhcpd:
> dhcpd: Outgoing update query:
> dhcpd: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 23484
> dhcpd: ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 2, ADDITIONAL: 1
> dhcpd: ;; ZONE SECTION:
> dhcpd: ;home.lan. IN SOA
> dhcpd:
> dhcpd: ;; UPDATE SECTION:
> dhcpd: testpc.home.lan. 0 ANY A
> dhcpd: testpc.home.lan. 3600 IN A 192.168.0.199
> dhcpd:
> dhcpd: ;; TSIG PSEUDOSECTION:
> dhcpd: 1694549577.sig-adserver.home.lan. 0 ANY TSIG gss-tsig.
> 1356813879 300 28 BAQE//////8AAAAAMIummHACwROSDTBjL2SewQ== 23484
> NOERROR 0
> dhcpd:
> Reply from SOA query:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44775
> ;; flags: qr aa ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> ;; QUESTION SECTION:
> ;0.168.192.in-addr.arpa. IN SOA
>
> ;; ANSWER SECTION:
> 0.168.192.in-addr.arpa. 3600 IN SOA adserver.home.lan.
> hostmaster.home.lan. 2 900 600 86400 3600
>
> Found zone name: 0.168.192.in-addr.arpa
> The master is: adserver.home.lan
> start_gssrequest
> send_gssrequest
> recvmsg reply from GSS-TSIG query
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46651
> ;; flags: qr ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
> ;; QUESTION SECTION:
> ;739911327.sig-adserver.home.lan. ANY TKEY
>
> ;; ANSWER SECTION:
> 739911327.sig-adserver.home.lan. 0 ANY TKEY gss-tsig. 1356813880
> 1356813880 3 NOERROR 182
> oYGzMIGwoAMKAQChCwYJKoZIhvcSAQICooGbBIGYYIGVBgkqhkiG9xIB
> AgICAG+BhTCBgqADAgEFoQMCAQ+idjB0oAMCAReibQRrcrBW78zZ6iZh
> 73lY0kEX4H7pBQn+XFaZO3YmOwG3GflAA2qVluRT2L3Mo29xmMwKzYCz
> Q1B6MII0z/Sf+Z3mS5xv5xQydUViYp+YYem2r9vTKCzccD+n71jcB9ZR
> 4JuLDoyXwf43WxyXAkU= 0
>
> ;; TSIG PSEUDOSECTION:
> 739911327.sig-adserver.home.lan. 0 ANY TSIG gss-tsig. 1356813880
> 300 28 BAQF//////8AAAAACfdmoXwlBgPg3YEI+rD4vw== 46651 NOERROR 0
>
> Sending update to 192.168.0.10#53
> ; TSIG error with server: tsig verify failure
>
> Reply from update query:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 25399
> ;; flags: qr ra; ZONE: 1, PREREQ: 0, UPDATE: 2, ADDITIONAL: 1
> ;; ZONE SECTION:
> ;0.168.192.in-addr.arpa. IN SOA
>
> ;; UPDATE SECTION:
> 199.0.168.192.in-addr.arpa. 0 ANY PTR
> 199.0.168.192.in-addr.arpa. 3600 IN PTR testpc.home.lan.
>
> ;; TSIG PSEUDOSECTION:
> 739911327.sig-adserver.home.lan. 0 ANY TSIG gss-tsig. 1356813880
> 300 28 BAQF//////8AAAAACfdmonZDMZhNsV+Inafpqg== 25399 NOERROR 0
>
> dhcpd: Outgoing update query:
> dhcpd: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46651
> dhcpd: ;; flags:; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
> dhcpd: ;; QUESTION SECTION:
> dhcpd: ;739911327.sig-adserver.home.lan. ANY TKEY
> dhcpd:
> dhcpd: ;; ADDITIONAL SECTION:
> dhcpd: 739911327.sig-adserver.home.lan. 0 ANY TKEY gss-tsig.
> 1356813880 1356813880 3 NOERROR 1276
> YIIE+AYGKwYBBQUCoIIE7DCCBOigDTALBgkqhkiG9xIBAgKiggTVBIIE
> 0WCCBM0GCSqGSIb3EgECAgEAboIEvDCCBLigAwIBBaEDAgEOogcDBQAg
> AAAAo4IDuGGCA7QwggOwoAMCAQWhChsISE9NRS5MQU6iIzAhoAMCAQGh
> GjAYGwNETlMbEWFkc2VydmVyLmhvbWUubGFuo4IDdjCCA3KgAwIBF6ED
> AgEBooIDZASCA2DVkAf04hh89dekV3nU1RH9yw2OrIr5ul8qedvCiMvN
> dGM222DHIh5P3083S9zi8WnROXpHmjMxqk1a8btbbd6ELCY6lLCSCLR7
> CBt1Rm181FKNDh4qvJZkVdBDgkI4dAQomINFI4fUB5bcanInbi7Ocnti
> EEyIHosml1Qznn9/TxFLN/41jNaGqCNQI8SliIsM6lxjwL1owkhPWmzN
> 0oG0b0mx8v7o+eCr5lD2bl52ych7BsCFTkSP/kE5M8pOH0UnnPCgLwxZ
> mIjybWjUudtpdMciKXCaEflPphm6flfWKWsGHTs58+DXdQVxq4x3tArK
> xKlVCuOngbI4cNi3GZ1XPua3ATG47a82gdIadAB1Qm42M8drXVosVGzS
> M9zbiMl/11UcXC3WIy/76HghTBKw76bL4inImH+pbfk2Yi3g0KZpkvgG
> 4yQNQTxi6SoBz137ds80Vlz4eNyHIO8iIW2XjtPtttzLi/+jweKnBOOv
> s1dqsD5cF88ukJLnHH/jQohh3grODXBAbDNK38M+N12vMpOZq5MAOOd3
> WWGT15qsLyGw9RP+B2Xl2QU7JeWpIHl4X0Ju035ogMyFBBNZfXRAdaPl
> TPIMSov7+9trmLg3cPTEbt+1OoiD4BUViW3hMTF1CBz29lGOFdCuaS4N
> 9ABN6oArjJeVXNRuvQ1y
> dhcpd: 6OQBKZuXRTJh6UQbl5j0ifKl72AOOXtLdaZ7
> 7jgD1XUJ2BsaZm8maQuCz3qb9jJOHxlzJGAu7eFPs6smvI7zjuFNXt2m
> NnXTKHgKFCdy7WVNz78vpvv+1sGgJw493tRZ1SbTihfcuMt/4coh7ri+
> YBReCsfn0MN/5SsCQKyumP5hkMEZUaYDjxlKt8dMj5yFG3dCcUfhIR0/
> 5G7LUzTWZsek1fLNfcKg5v1XiwL6McgmCYik4BbSswNEGz8nnCdWxQFV
> jfSrydIoZ9Br6u4J2aSx+N4NfAIId0zwcH0q2z51TAztFzgFAdgGlOQZ
> E/adVM10dK9KQjpLRvQ03SfVOA8cD1Ae8K7rwjyuwuHoT4u4T8RFI7TY
> Bo/emUiRG4vWuhXxW/LGjctuhlzummWRTzx1h/bLa7tDlpJDq+br0PSs
> +4AX3Km8LAs3iYVevK5Q5nCM85tLYyy1jsW0rzzC/+W8EuGkgeYwgeOg
> AwIBF6KB2wSB2LlTgjRrDfEg8ILKgMD+I654/dQScQPPnidh5+EOsmLJ
> YKONRUSM2vltBadNQP5pAYkHiOv88FZfhHj441gHL+idzVXj4IP4Pisl
> qcnB8t8V2+3Iy908/1K2Lb+XLztjb0j8QuvH6qBPSjdKSRBSI6zpEFu8
> /rY54oCNCjkmOgArW68gY0Xq2k9IqntPGl7EC7e/C2VhdfByVJMkuCOv
> 3gca42MuiRqfjVSBYqdmrU+5C25zwsFe86znKEIaNdapw74/SybhVjt+
> XNh1r3pkAETIVJ1O93ODXA== 0
> dhcpd:
> dhcpd: Outgoing update query:
> dhcpd: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 25399
> dhcpd: ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 2, ADDITIONAL: 1
> dhcpd: ;; ZONE SECTION:
> dhcpd: ;0.168.192.in-addr.arpa. IN SOA
> dhcpd:
> dhcpd: ;; UPDATE SECTION:
> dhcpd: 199.0.168.192.in-addr.arpa. 0 ANY PTR
> dhcpd: 199.0.168.192.in-addr.arpa. 3600 IN PTR testpc.home.lan.
> dhcpd:
> dhcpd: ;; TSIG PSEUDOSECTION:
> dhcpd: 739911327.sig-adserver.home.lan. 0 ANY TSIG gss-tsig.
> 1356813880 300 28 BAQE//////8AAAAAGRNhQSk3XtQ3kMTr9EN3kA== 25399
> NOERROR 0
> dhcpd:
> dhcpd: DDNS: adding records for 192.168.0.199 <testpc.home.lan> succeeded
>
> There are definite tsig errors but the host gets added, but once added
> that is it, it cannot be deleted & re-added because, I presume, of the
> tsig error.
>
> Help, where do I go from here.
>
> Rowland
>
>
>
OK, for me, The internal DNS server will not update via a script that
DHCP runs, this script is based on the one at:
http://blog.michael.kuron-germany.de/2011/02/isc-dhcpd-dynamic-dns-updates-against-secure-microsoft-dns/.
I have only altered it slightly: to use samba-tool to create the keytab,
and how 'expiration' was set.
This is what I did:
Compiled samba4 & bind 9.9.2, provisioned Samba 4 to use bind9, created
the update script and altered dhcpd.conf as required. Now if I start my
laptop I get this:
Dec 31 10:31:20 adserver dhcpd: Commit: IP: 192.168.0.173 Name: LinPad
Dec 31 10:31:20 adserver dhcpd: execute_statement argv[0] =
/usr/local/sbin/dhcp-dyndns.sh
Dec 31 10:31:20 adserver dhcpd: execute_statement argv[1] = add
Dec 31 10:31:20 adserver dhcpd: execute_statement argv[2] = 192.168.0.173
Dec 31 10:31:20 adserver dhcpd: execute_statement argv[3] =
1:84:a6:c8:3b:da:7b
Dec 31 10:31:20 adserver dhcpd: execute_statement argv[4] = LinPad
Dec 31 10:31:20 adserver named[909]: samba_dlz: starting transaction on
zone home.lan
Dec 31 10:31:20 adserver named[909]: samba_dlz: allowing update of
signer=dhcpduser\@HOME.LAN name=LinPad.home.lan tcpaddr=192.168.0.10
type=A key=727953239.sig-adserver.home.lan/160/0
Dec 31 10:31:20 named[909]: last message repeated 2 times
Dec 31 10:31:20 adserver named[909]: client 192.168.0.10#40096/key
dhcpduser\@HOME.LAN: updating zone 'home.lan/NONE': deleting rrset at
'LinPad.home.lan' A
Dec 31 10:31:20 adserver named[909]: samba_dlz: subtracted rdataset
LinPad.home.lan 'LinPad.home.lan.#0113600#011IN#011A#011192.168.0.173'
Dec 31 10:31:20 adserver named[909]: client 192.168.0.10#40096/key
dhcpduser\@HOME.LAN: updating zone 'home.lan/NONE': deleting rrset at
'LinPad.home.lan' A
Dec 31 10:31:20 adserver named[909]: client 192.168.0.10#40096/key
dhcpduser\@HOME.LAN: updating zone 'home.lan/NONE': adding an RR at
'LinPad.home.lan' A
Dec 31 10:31:20 adserver named[909]: samba_dlz: added rdataset
LinPad.home.lan 'LinPad.home.lan.#0113600#011IN#011A#011192.168.0.173'
Dec 31 10:31:21 adserver named[909]: samba_dlz: committed transaction on
zone home.lan
Dec 31 10:31:21 adserver named[909]: samba_dlz: starting transaction on
zone 0.168.192.in-addr.arpa
Dec 31 10:31:21 adserver named[909]: samba_dlz: allowing update of
signer=dhcpduser\@HOME.LAN name=173.0.168.192.in-addr.arpa
tcpaddr=192.168.0.10 type=PTR key=2869604660.sig-adserver.home.lan/160/0
Dec 31 10:31:21 adserver named[909]: samba_dlz: allowing update of
signer=dhcpduser\@HOME.LAN name=173.0.168.192.in-addr.arpa
tcpaddr=192.168.0.10 type=PTR key=2869604660.sig-adserver.home.lan/160/0
Dec 31 10:31:21 adserver named[909]: client 192.168.0.10#54703/key
dhcpduser\@HOME.LAN: updating zone '0.168.192.in-addr.arpa/NONE':
deleting rrset at '173.0.168.192.in-addr.arpa' PTR
Dec 31 10:31:21 adserver named[909]: samba_dlz: subtracted rdataset
173.0.168.192.in-addr.arpa
'173.0.168.192.in-addr.arpa.#0113600#011IN#011PTR#011LinPad.home.lan.'
Dec 31 10:31:21 adserver named[909]: client 192.168.0.10#54703/key
dhcpduser\@HOME.LAN: updating zone '0.168.192.in-addr.arpa/NONE': adding
an RR at '173.0.168.192.in-addr.arpa' PTR
Dec 31 10:31:21 adserver named[909]: samba_dlz: added rdataset
173.0.168.192.in-addr.arpa
'173.0.168.192.in-addr.arpa.#0113600#011IN#011PTR#011LinPad.home.lan.'
Dec 31 10:31:21 adserver named[909]: samba_dlz: committed transaction on
zone 0.168.192.in-addr.arpa
Dec 31 10:31:21 adserver logger: DHCP-DNS Update succeeded
Dec 31 10:31:21 adserver dhcpd: DHCPREQUEST for 192.168.0.173 from
84:a6:c8:3b:da:7b (LinPad) via eth0
Dec 31 10:31:21 adserver dhcpd: DHCPACK on 192.168.0.173 to
84:a6:c8:3b:da:7b (LinPad) via eth0
Great it works!!!
I now stopped Samba4 & Bind9, moved /usr/local/samba to
/usr/local/samba-bind
Re-ran Samba4 'make install', reprovisioned to use the internal DNS
server and restarted Samba4, I did not start Bind9.
I now turned off, then on again the wireless on the laptop and got this:
Dec 31 10:40:56 adserver dhcpd: Commit: IP: 192.168.0.173 Name: LinPad
Dec 31 10:40:56 adserver dhcpd: execute_statement argv[0] =
/usr/local/sbin/dhcp-dyndns.sh
Dec 31 10:40:56 adserver dhcpd: execute_statement argv[1] = add
Dec 31 10:40:56 adserver dhcpd: execute_statement argv[2] = 192.168.0.173
Dec 31 10:40:56 adserver dhcpd: execute_statement argv[3] =
1:84:a6:c8:3b:da:7b
Dec 31 10:40:56 adserver dhcpd: execute_statement argv[4] = LinPad
Dec 31 10:40:56 adserver logger: DHCP-DNS Update failed: 11
Dec 31 10:40:56 adserver dhcpd: execute: /usr/local/sbin/dhcp-dyndns.sh
exit status 2816
Dec 31 10:40:56 adserver dhcpd: DHCPREQUEST for 192.168.0.173 from
84:a6:c8:3b:da:7b (LinPad) via eth0
Dec 31 10:40:56 adserver dhcpd: DHCPACK on 192.168.0.173 to
84:a6:c8:3b:da:7b (LinPad) via eth0
As you can see it did not update.
OK, move /usr/local/samba to /usr/local/samba-internal, then move
/usr/local/samba-bind back to /usr/local/samba. Restart Samba4 & bind9.
I now turned off, then on again the wireless on the laptop and got this:
Dec 31 10:43:57 adserver dhcpd: Commit: IP: 192.168.0.173 Name: LinPad
Dec 31 10:43:57 adserver dhcpd: execute_statement argv[0] =
/usr/local/sbin/dhcp-dyndns.sh
Dec 31 10:43:57 adserver dhcpd: execute_statement argv[1] = add
Dec 31 10:43:57 adserver dhcpd: execute_statement argv[2] = 192.168.0.173
Dec 31 10:43:57 adserver dhcpd: execute_statement argv[3] =
1:84:a6:c8:3b:da:7b
Dec 31 10:43:57 adserver dhcpd: execute_statement argv[4] = LinPad
Dec 31 10:43:57 adserver named[7617]: samba_dlz: starting transaction on
zone home.lan
Dec 31 10:43:57 adserver named[7617]: samba_dlz: allowing update of
signer=dhcpduser\@HOME.LAN name=LinPad.home.lan tcpaddr=192.168.0.10
type=A key=600884744.sig-adserver.home.lan/160/0
Dec 31 10:43:57 named[7617]: last message repeated 2 times
Dec 31 10:43:57 adserver named[7617]: client 192.168.0.10#49104/key
dhcpduser\@HOME.LAN: updating zone 'home.lan/NONE': deleting rrset at
'LinPad.home.lan' A
Dec 31 10:43:57 adserver named[7617]: samba_dlz: subtracted rdataset
LinPad.home.lan 'LinPad.home.lan.#0113600#011IN#011A#011192.168.0.173'
Dec 31 10:43:57 adserver named[7617]: client 192.168.0.10#49104/key
dhcpduser\@HOME.LAN: updating zone 'home.lan/NONE': deleting rrset at
'LinPad.home.lan' A
Dec 31 10:43:57 adserver named[7617]: client 192.168.0.10#49104/key
dhcpduser\@HOME.LAN: updating zone 'home.lan/NONE': adding an RR at
'LinPad.home.lan' A
Dec 31 10:43:57 adserver named[7617]: samba_dlz: added rdataset
LinPad.home.lan 'LinPad.home.lan.#0113600#011IN#011A#011192.168.0.173'
Dec 31 10:43:57 adserver named[7617]: samba_dlz: committed transaction
on zone home.lan
Dec 31 10:43:58 adserver named[7617]: samba_dlz: starting transaction on
zone 0.168.192.in-addr.arpa
Dec 31 10:43:58 adserver named[7617]: samba_dlz: allowing update of
signer=dhcpduser\@HOME.LAN name=173.0.168.192.in-addr.arpa
tcpaddr=192.168.0.10 type=PTR key=584595905.sig-adserver.home.lan/160/0
Dec 31 10:43:58 adserver named[7617]: samba_dlz: allowing update of
signer=dhcpduser\@HOME.LAN name=173.0.168.192.in-addr.arpa
tcpaddr=192.168.0.10 type=PTR key=584595905.sig-adserver.home.lan/160/0
Dec 31 10:43:58 adserver named[7617]: client 192.168.0.10#51058/key
dhcpduser\@HOME.LAN: updating zone '0.168.192.in-addr.arpa/NONE':
deleting rrset at '173.0.168.192.in-addr.arpa' PTR
Dec 31 10:43:58 adserver named[7617]: samba_dlz: subtracted rdataset
173.0.168.192.in-addr.arpa
'173.0.168.192.in-addr.arpa.#0113600#011IN#011PTR#011LinPad.home.lan.'
Dec 31 10:43:58 adserver named[7617]: client 192.168.0.10#51058/key
dhcpduser\@HOME.LAN: updating zone '0.168.192.in-addr.arpa/NONE': adding
an RR at '173.0.168.192.in-addr.arpa' PTR
Dec 31 10:43:58 adserver named[7617]: samba_dlz: added rdataset
173.0.168.192.in-addr.arpa
'173.0.168.192.in-addr.arpa.#0113600#011IN#011PTR#011LinPad.home.lan.'
Dec 31 10:43:58 adserver named[7617]: samba_dlz: committed transaction
on zone 0.168.192.in-addr.arpa
Dec 31 10:43:58 adserver logger: DHCP-DNS Update succeeded
Dec 31 10:43:58 adserver dhcpd: DHCPREQUEST for 192.168.0.173 from
84:a6:c8:3b:da:7b (LinPad) via eth0
Dec 31 10:43:58 adserver dhcpd: DHCPACK on 192.168.0.173 to
84:a6:c8:3b:da:7b (LinPad) via eth0
OK, it works again.
The original dhcp update script was written to update a windows server,
so as it will not update the internal DNS server, I think that we can
infer that the internal DNS server is not working the same as a windows
server. Not a problem for me, as now I know the limitations of The
internal dns server, I will stop using it and only use bind9.
Rowland
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the samba-technical
mailing list