Samba 4 and windows dhcp updates

Rowland Penny repenny241155 at gmail.com
Thu Jan 23 03:46:41 MST 2014


Can anybody help me here? I thought my Samba4, bind9.9 and dhcp setup 
worked perfectly until it was pointed out to me that it doesn't work 
with windows clients.

The way it works is that dhcp runs a script, passing to it the relevant 
info, and nsupdate does the rest. Well, I say it works, but only with 
anything but Windows, it would seem.

The script relies on a keytab and the relevant kerberos cache associated 
with it.

If I connect a windows XP machine I find this in syslog:

Jan 23 09:43:29 dc3 dhcpd: Commit: IP: 192.168.0.226 DHCID: 
1:8:0:27:4c:3:f1 Name: windowsxp
Jan 23 09:43:29 dc3 dhcpd: execute_statement argv[0] = 
/usr/local/sbin/dhcp-dyndns.sh
Jan 23 09:43:29 dc3 dhcpd: execute_statement argv[1] = add
Jan 23 09:43:29 dc3 dhcpd: execute_statement argv[2] = 192.168.0.226
Jan 23 09:43:29 dc3 dhcpd: execute_statement argv[3] = 1:8:0:27:4c:3:f1
Jan 23 09:43:29 dc3 dhcpd: execute_statement argv[4] = windowsxp
Jan 23 09:43:29 dc3 named[19791]: samba_dlz: starting transaction on 
zone home.lan
Jan 23 09:43:29 dc3 named[19791]: samba_dlz: disallowing update of 
signer=dhcpduser\@HOME.LAN name=windowsxp.home.lan type=A 
error=insufficient access rights
Jan 23 09:43:29 dc3 named[19791]: client 127.0.0.1#58763/key 
dhcpduser\@HOME.LAN: updating zone 'home.lan/NONE': update failed: 
rejected by secure update (REFUSED)
Jan 23 09:43:29 dc3 named[19791]: samba_dlz: cancelling transaction on 
zone home.lan
Jan 23 09:43:29 dc3 named[19791]: samba_dlz: starting transaction on 
zone 0.168.192.in-addr.arpa
Jan 23 09:43:29 dc3 named[19791]: samba_dlz: disallowing update of 
signer=dhcpduser\@HOME.LAN name=226.0.168.192.in-addr.arpa type=PTR 
error=insufficient access rights
Jan 23 09:43:29 dc3 named[19791]: client 127.0.0.1#43988/key 
dhcpduser\@HOME.LAN: updating zone '0.168.192.in-addr.arpa/NONE': update 
failed: rejected by secure update (REFUSED)
Jan 23 09:43:29 dc3 named[19791]: samba_dlz: cancelling transaction on 
zone 0.168.192.in-addr.arpa
Jan 23 09:43:29 dc3 logger: DHCP-DNS Update failed: 22
Jan 23 09:43:29 dc3 dhcpd: execute: /usr/local/sbin/dhcp-dyndns.sh exit 
status 5632
Jan 23 09:43:29 dc3 dhcpd: DHCPREQUEST for 192.168.0.226 from 
08:00:27:4c:03:f1 (windowsxp) via eth0
Jan 23 09:43:29 dc3 dhcpd: DHCPACK on 192.168.0.226 to 08:00:27:4c:03:f1 
(windowsxp) via eth0

From this, the signer, dhcpduser, would seem to have insufficient access 
rights, to where I am not quite sure.

But nearly straight after the above, I find this in syslog:

Jan 23 09:52:56 dc3 dhcpd: Commit: IP: 192.168.0.212 DHCID: 
1:18:28:61:95:cd:4b Name: skywirelessconnector
Jan 23 09:52:56 dc3 dhcpd: execute_statement argv[0] = 
/usr/local/sbin/dhcp-dyndns.sh
Jan 23 09:52:56 dc3 dhcpd: execute_statement argv[1] = add
Jan 23 09:52:56 dc3 dhcpd: execute_statement argv[2] = 192.168.0.212
Jan 23 09:52:56 dc3 dhcpd: execute_statement argv[3] = 1:18:28:61:95:cd:4b
Jan 23 09:52:56 dc3 dhcpd: execute_statement argv[4] = skywirelessconnector
Jan 23 09:52:57 dc3 named[19791]: samba_dlz: starting transaction on 
zone home.lan
Jan 23 09:52:57 dc3 named[19791]: samba_dlz: allowing update of 
signer=dhcpduser\@HOME.LAN name=skywirelessconnector.home.lan 
tcpaddr=127.0.0.1 type=A key=2996983272.sig-dc3.home.lan/160/0
Jan 23 09:52:57 dc3 named[19791]: samba_dlz: allowing update of 
signer=dhcpduser\@HOME.LAN name=skywirelessconnector.home.lan 
tcpaddr=127.0.0.1 type=A key=2996983272.sig-dc3.home.lan/160/0
Jan 23 09:52:57 dc3 named[19791]: client 127.0.0.1#57540/key 
dhcpduser\@HOME.LAN: updating zone 'home.lan/NONE': deleting rrset at 
'skywirelessconnector.home.lan' A
Jan 23 09:52:57 dc3 named[19791]: samba_dlz: subtracted rdataset 
skywirelessconnector.home.lan 
'skywirelessconnector.home.lan.#0113600#011IN#011A#011192.168.0.212'
Jan 23 09:52:57 dc3 named[19791]: client 127.0.0.1#57540/key 
dhcpduser\@HOME.LAN: updating zone 'home.lan/NONE': adding an RR at 
'skywirelessconnector.home.lan' A
Jan 23 09:52:57 dc3 named[19791]: samba_dlz: added rdataset 
skywirelessconnector.home.lan 
'skywirelessconnector.home.lan.#0113600#011IN#011A#011192.168.0.212'
Jan 23 09:52:57 dc3 named[19791]: samba_dlz: committed transaction on 
zone home.lan
Jan 23 09:52:57 dc3 named[19791]: samba_dlz: starting transaction on 
zone 0.168.192.in-addr.arpa
Jan 23 09:52:57 dc3 named[19791]: samba_dlz: allowing update of 
signer=dhcpduser\@HOME.LAN name=212.0.168.192.in-addr.arpa 
tcpaddr=127.0.0.1 type=PTR key=3568226925.sig-dc3.home.lan/160/0
Jan 23 09:52:57 dc3 named[19791]: samba_dlz: allowing update of 
signer=dhcpduser\@HOME.LAN name=212.0.168.192.in-addr.arpa 
tcpaddr=127.0.0.1 type=PTR key=3568226925.sig-dc3.home.lan/160/0
Jan 23 09:52:57 dc3 named[19791]: client 127.0.0.1#41342/key 
dhcpduser\@HOME.LAN: updating zone '0.168.192.in-addr.arpa/NONE': 
deleting rrset at '212.0.168.192.in-addr.arpa' PTR
Jan 23 09:52:57 dc3 named[19791]: samba_dlz: subtracted rdataset 
212.0.168.192.in-addr.arpa 
'212.0.168.192.in-addr.arpa.#0113600#011IN#011PTR#011skywirelessconnector.home.lan.'
Jan 23 09:52:57 dc3 named[19791]: client 127.0.0.1#41342/key 
dhcpduser\@HOME.LAN: updating zone '0.168.192.in-addr.arpa/NONE': adding 
an RR at '212.0.168.192.in-addr.arpa' PTR
Jan 23 09:52:57 dc3 named[19791]: samba_dlz: added rdataset 
212.0.168.192.in-addr.arpa 
'212.0.168.192.in-addr.arpa.#0113600#011IN#011PTR#011skywirelessconnector.home.lan.'
Jan 23 09:52:57 dc3 named[19791]: samba_dlz: committed transaction on 
zone 0.168.192.in-addr.arpa
Jan 23 09:52:57 dc3 logger: DHCP-DNS Update succeeded
Jan 23 09:52:57 dc3 dhcpd: DHCPREQUEST for 192.168.0.212 from 
18:28:61:95:cd:4b (skywirelessconnector) via eth0
Jan 23 09:52:57 dc3 dhcpd: DHCPACK on 192.168.0.212 to 18:28:61:95:cd:4b 
(skywirelessconnector) via eth0

Yes, 9 minutes 27 seconds later dhcpduser does have the right key and 
all without me doing anything.

Anybody got any thoughts on why the script works for anything but 
windows clients ???? or in other words HELPPPP!!! ;-)

Rowland
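
Added example, not part of the original post: a Python triage helper that rejoins the mail-wrapped syslog lines and tabulates each samba_dlz allow/disallow decision by record name and type. The sample input is three records copied from the excerpts above; the function names are this example's own.

```python
import re

# Sample input: three records copied from the syslog excerpts in the post,
# still wrapped the way the mail archive wrapped them.
SAMPLE = r"""
Jan 23 09:43:29 dc3 named[19791]: samba_dlz: disallowing update of
signer=dhcpduser\@HOME.LAN name=windowsxp.home.lan type=A
error=insufficient access rights
Jan 23 09:43:29 dc3 named[19791]: samba_dlz: disallowing update of
signer=dhcpduser\@HOME.LAN name=226.0.168.192.in-addr.arpa type=PTR
error=insufficient access rights
Jan 23 09:52:57 dc3 named[19791]: samba_dlz: allowing update of
signer=dhcpduser\@HOME.LAN name=skywirelessconnector.home.lan
tcpaddr=127.0.0.1 type=A key=2996983272.sig-dc3.home.lan/160/0
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
DECISION = re.compile(
    r"samba_dlz: (?P<verdict>allowing|disallowing) update of "
    r"signer=(?P<signer>\S+) name=(?P<name>\S+)"
    r"(?: tcpaddr=\S+)? type=(?P<rtype>\S+)"
    r"(?: error=(?P<error>.+))?"
)

def unwrap(text):
    """Rejoin wrapped syslog: a line without a timestamp continues the previous record."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if STAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def decisions(text):
    """Map (name, rtype) -> (verdict, signer, error) for every samba_dlz decision."""
    found = {}
    for record in unwrap(text):
        m = DECISION.search(record)
        if m:  # the log escapes '@' with a backslash; drop it from the signer
            found[(m["name"], m["rtype"])] = (
                m["verdict"], m["signer"].replace("\\", ""), m["error"])
    return found

def refused(text):
    """Names and record types the signer was not allowed to update."""
    return sorted(k for k, v in decisions(text).items() if v[0] == "disallowing")

if __name__ == "__main__":
    print(refused(SAMPLE))
```

Run over a full syslog, this shows at a glance which records the same signer was refused on and which it was allowed to change.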


