[Samba] DDNS and DHCP problems

Tue Nov 17 15:50:10 UTC 2015

Hai Sam, 

i see. 

samba_dlz: disallowing update of signer=dhcpd-user\@ARIANE.INTRA name=client7-PC.ariane.intra type=A error=insufficient access rights

try this. 
Poweroff that pc. 
Remove the A and PTR records from DNS. 
Start up again and post that log. 

Or check the owner and rights on the A and PTR records. 
I this there is your error, and probely because of testing out. 

Gr. 

Louis

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Sam
> Verzonden: dinsdag 17 november 2015 16:31
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] DDNS and DHCP problems
> 
> Another mistake : The louis's script ddns-kerberos-check.sh was not
> running in hourly.cron directory  ( i make a chmod 770 to resolve that )
> 
> to recall here what I did:
> - I cloned the Windows 2000 server AD servers on a private network and I
> migrated to samba4
> - Meanwhile, users have continued to use the Windows 2000 AD servers on
> the production network
> - I replaced the production servers by samba4 servers from the private
> network.
> 
> In fact, the online computers when we deleted the windows 2000 servers
> AD are rejected.
> If I try a computer created and joined in the new samba4 AD it's working
> too.
> 
> Are there some things to set before replacing the old DCs? ( like
> shortening the leases times on the actual DHCP? )
> Or must I restart the above migration procedure without leaving the
> running windows 2000 servers for users during that time?
> 
> Here is the last extract of syslog :
> 
> *for a new linux client :*
> Nov 17 13:43:59 S4 dhcpd: data: host_decl_name: not available
> Nov 17 13:43:59 S4 dhcpd: execute_statement argv[0] =
> /etc/dhcp/bin/dhcp-dyndns-debian.sh
> Nov 17 13:43:59 S4 dhcpd: execute_statement argv[1] = add
> Nov 17 13:43:59 S4 dhcpd: execute_statement argv[2] = 172.20.4.28
> Nov 17 13:43:59 S4 dhcpd: execute_statement argv[3] = dhcp-172-20-4-28
> Nov 17 13:43:59 S4 dhcpd: execute_statement argv[4] = 0:50:56:8f:6:f4
> Nov 17 13:43:59 S4 dhcpd: DHCPREQUEST for 172.20.4.28 from
> 00:50:56:8f:06:f4 via eth0
> Nov 17 13:43:59 S4 dhcpd: DHCPACK on 172.20.4.28 to 00:50:56:8f:06:f4
> via eth0
> Nov 17 13:43:59 S4 named[2309]: samba_dlz: starting transaction on zone
> ariane.intra
> Nov 17 13:43:59 S4 named[2309]: samba_dlz: allowing update of
> signer=dhcpd-user\@ARIANE.INTRA name=dhcp-172-20-4-28.ariane.intra
> tcpaddr=172.20.2.2 type=A key=1292405312.sig-s4.ariane.intra/160/0
> Nov 17 13:43:59 S4 named[2309]: samba_dlz: allowing update of
> signer=dhcpd-user\@ARIANE.INTRA name=dhcp-172-20-4-28.ariane.intra
> tcpaddr=172.20.2.2 type=A key=1292405312.sig-s4.ariane.intra/160/0
> Nov 17 13:43:59 S4 named[2309]: client 172.20.2.2#48911: updating zone
> 'ariane.intra/NONE': deleting rrset at 'dhcp-172-20-4-28.ariane.intra' A
> Nov 17 13:43:59 S4 named[2309]: samba_dlz: subtracted rdataset
> dhcp-172-20-4-28.ariane.intra
> 'dhcp-172-20-4-28.ariane.intra.#0113600#011IN#011A#011172.20.4.28'
> Nov 17 13:43:59 S4 named[2309]: client 172.20.2.2#48911: updating zone
> 'ariane.intra/NONE': adding an RR at 'dhcp-172-20-4-28.ariane.intra' A
> Nov 17 13:43:59 S4 named[2309]: samba_dlz: added rdataset
> dhcp-172-20-4-28.ariane.intra
> 'dhcp-172-20-4-28.ariane.intra.#0113600#011IN#011A#011172.20.4.28'
> Nov 17 13:43:59 S4 named[2309]: samba_dlz: committed transaction on zone
> ariane.intra
> Nov 17 13:43:59 S4 named[2309]: samba_dlz: starting transaction on zone
> 4.20.172.in-addr.arpa
> Nov 17 13:43:59 S4 named[2309]: samba_dlz: allowing update of
> signer=dhcpd-user\@ARIANE.INTRA name=28.4.20.172.in-addr.arpa
> tcpaddr=172.20.2.2 type=PTR key=2742923346.sig-s4.ariane.intra/160/0
> Nov 17 13:43:59 S4 named[2309]: samba_dlz: allowing update of
> signer=dhcpd-user\@ARIANE.INTRA name=28.4.20.172.in-addr.arpa
> tcpaddr=172.20.2.2 type=PTR key=2742923346.sig-s4.ariane.intra/160/0
> Nov 17 13:43:59 S4 named[2309]: client 172.20.2.2#55304: updating zone
> '4.20.172.in-addr.arpa/NONE': deleting rrset at
> '28.4.20.172.in-addr.arpa' PTR
> Nov 17 13:43:59 S4 named[2309]: samba_dlz: subtracted rdataset
> 28.4.20.172.in-addr.arpa
> '28.4.20.172.in-addr.arpa.#0113600#011IN#011PTR#011dhcp-172-20-4-
> 28.ariane.intra.'
> Nov 17 13:43:59 S4 named[2309]: client 172.20.2.2#55304: updating zone
> '4.20.172.in-addr.arpa/NONE': adding an RR at '28.4.20.172.in-addr.arpa'
> PTR
> Nov 17 13:43:59 S4 named[2309]: samba_dlz: added rdataset
> 28.4.20.172.in-addr.arpa
> '28.4.20.172.in-addr.arpa.#0113600#011IN#011PTR#011dhcp-172-20-4-
> 28.ariane.intra.'
> Nov 17 13:43:59 S4 named[2309]: samba_dlz: committed transaction on zone
> 4.20.172.in-addr.arpa
> Nov 17 13:43:59 S4 dhcpd: DDNS: adding records for 172.20.4.28
> (dhcp-172-20-4-28.ariane.intra) succeeded
> 
> *For a new win7 client**:*
> Nov 17 14:10:38 S4 dhcpd: execute_statement argv[0] =
> /etc/dhcp/bin/dhcp-dyndns-debian.sh
> Nov 17 14:10:38 S4 dhcpd: execute_statement argv[1] = add
> Nov 17 14:10:38 S4 dhcpd: execute_statement argv[2] = 172.20.4.1
> Nov 17 14:10:38 S4 dhcpd: execute_statement argv[3] = client7-PC
> Nov 17 14:10:38 S4 dhcpd: execute_statement argv[4] = 0:50:56:8f:18:c0
> Nov 17 14:10:38 S4 dhcpd: DHCPREQUEST for 172.20.4.1 from
> 00:50:56:8f:18:c0 (client7-PC) via eth0
> Nov 17 14:10:38 S4 dhcpd: DHCPACK on 172.20.4.1 to 00:50:56:8f:18:c0
> (client7-PC) via eth0
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: starting transaction on zone
> ariane.intra
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: disallowing update of
> signer=dhcpd-user\@ARIANE.INTRA name=client7-PC.ariane.intra type=A
> error=insufficient access rights
> Nov 17 14:10:38 S4 named[2309]: client 172.20.2.2#49326: updating zone
> 'ariane.intra/NONE': update failed: rejected by secure update (REFUSED)
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: cancelling transaction on
> zone ariane.intra
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: starting transaction on zone
> ariane.intra
> Nov 17 14:10:38 S4 named[2309]: client 172.20.4.1#60306: update
> 'ariane.intra/IN' denied
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: cancelling transaction on
> zone ariane.intra
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: starting transaction on zone
> 4.20.172.in-addr.arpa
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: allowing update of
> signer=dhcpd-user\@ARIANE.INTRA name=1.4.20.172.in-addr.arpa
> tcpaddr=172.20.2.2 type=PTR key=3681185047.sig-s4.ariane.intra/160/0
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: allowing update of
> signer=dhcpd-user\@ARIANE.INTRA name=1.4.20.172.in-addr.arpa
> tcpaddr=172.20.2.2 type=PTR key=3681185047.sig-s4.ariane.intra/160/0
> Nov 17 14:10:38 S4 named[2309]: client 172.20.2.2#35232: updating zone
> '4.20.172.in-addr.arpa/NONE': deleting rrset at
> '1.4.20.172.in-addr.arpa' PTR
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: subtracted rdataset
> 1.4.20.172.in-addr.arpa
> '1.4.20.172.in-addr.arpa.#0113600#011IN#011PTR#011client7-
> PC.ariane.intra.'
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: starting transaction on zone
> ariane.intra
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: transaction already started
> for zone ariane.intra
> Nov 17 14:10:38 S4 named[2309]: sdlz newversion on origin ariane.intra
> failed : failure
> Nov 17 14:10:38 S4 named[2309]: client 172.20.2.2#35232: updating zone
> '4.20.172.in-addr.arpa/NONE': adding an RR at '1.4.20.172.in-addr.arpa'
> PTR
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: added rdataset
> 1.4.20.172.in-addr.arpa
> '1.4.20.172.in-addr.arpa.#0113600#011IN#011PTR#011client7-
> PC.ariane.intra.'
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: committed transaction on zone
> 4.20.172.in-addr.arpa
> Nov 17 14:10:38 S4 dhcpd: DDNS: adding records for 172.20.4.1
> (client7-PC.ariane.intra) FAILED: nsupdate status 2
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: starting transaction on zone
> ariane.intra
> Nov 17 14:10:38 S4 named[2309]: client 172.20.4.1#51087: update
> 'ariane.intra/IN' denied
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: cancelling transaction on
> zone ariane.intra
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: starting transaction on zone
> ariane.intra
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: allowing update of
> signer=client7-pc\$\@ARIANE.INTRA name=client7-PC.ariane.intra tcpaddr=
> type=AAAA key=260-ms-7.2-1bcc44.6c4f03db-8d28-11e5-ab9f-0050568f18c0/160/0
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: allowing update of
> signer=client7-pc\$\@ARIANE.INTRA name=client7-PC.ariane.intra tcpaddr=
> type=A key=260-ms-7.2-1bcc44.6c4f03db-8d28-11e5-ab9f-0050568f18c0/160/0
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: allowing update of
> signer=client7-pc\$\@ARIANE.INTRA name=client7-PC.ariane.intra tcpaddr=
> type=A key=260-ms-7.2-1bcc44.6c4f03db-8d28-11e5-ab9f-0050568f18c0/160/0
> Nov 17 14:10:38 S4 named[2309]: client 172.20.4.1#60224: updating zone
> 'ariane.intra/NONE': deleting rrset at 'client7-PC.ariane.intra' AAAA
> Nov 17 14:10:38 S4 named[2309]: client 172.20.4.1#60224: updating zone
> 'ariane.intra/NONE': deleting rrset at 'client7-PC.ariane.intra' A
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: subtracted rdataset
> client7-PC.ariane.intra
> 'client7-PC.ariane.intra.#0111200#011IN#011A#011172.20.4.1'
> Nov 17 14:10:38 S4 named[2309]: client 172.20.4.1#60224: updating zone
> 'ariane.intra/NONE': adding an RR at 'client7-PC.ariane.intra' A
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: added rdataset
> client7-PC.ariane.intra
> 'client7-PC.ariane.intra.#0111200#011IN#011A#011172.20.4.1'
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: committed transaction on zone
> ariane.intra
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: starting transaction on zone
> ariane.intraNov 17 14:10:38 S4 named[2309]: client 172.20.4.1#51226:
> update 'ariane.intra/IN' denied
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: cancelling transaction on
> zone ariane.intra
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: starting transaction on zone
> ariane.intra
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: allowing update of
> signer=client7-pc\$\@ARIANE.INTRA name=client7-PC.ariane.intra tcpaddr=
> type=AAAA key=260-ms-7.2-1bcc44.6c4f03db-8d28-11e5-ab9f-0050568f18c0/160/0
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: allowing update of
> signer=client7-pc\$\@ARIANE.INTRA name=client7-PC.ariane.intra tcpaddr=
> type=A key=260-ms-7.2-1bcc44.6c4f03db-8d28-11e5-ab9f-0050568f18c0/160/0
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: allowing update of
> signer=client7-pc\$\@ARIANE.INTRA name=client7-PC.ariane.intra tcpaddr=
> type=A key=260-ms-7.2-1bcc44.6c4f03db-8d28-11e5-ab9f-0050568f18c0/160/0
> Nov 17 14:10:38 S4 named[2309]: client 172.20.4.1#58165: updating zone
> 'ariane.intra/NONE': deleting rrset at 'client7-PC.ariane.intra' AAAA
> Nov 17 14:10:38 S4 named[2309]: client 172.20.4.1#58165: updating zone
> 'ariane.intra/NONE': deleting rrset at 'client7-PC.ariane.intra' A
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: subtracted rdataset
> client7-PC.ariane.intra
> 'client7-PC.ariane.intra.#0111200#011IN#011A#011172.20.4.1'
> Nov 17 14:10:38 S4 named[2309]: client 172.20.4.1#58165: updating zone
> 'ariane.intra/NONE': adding an RR at 'client7-PC.ariane.intra' A
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: added rdataset
> client7-PC.ariane.intra
> 'client7-PC.ariane.intra.#0111200#011IN#011A#011172.20.4.1'
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: committed transaction on zone
> ariane.intra
> 
> Thanks all!
> Sam
> 
> Le 16/11/2015 19:12, Rowland Penny a écrit :
> > On 16/11/15 17:12, Sam wrote:
> >> Hello all,
> >>
> >> I have two new server samba4, with isc-dhcp and Bind. ( Thanks to
> >> Louis 's scripts )
> >> The AD was migrate from 2 Windows 2000 servers last friday, with a
> >> copy of them in a private lan.
> >> Today we have shutdown the old windows 2000 server and put the 2 new
> >> samba4 in place of them.
> >> The problem is that the DHCP does not update the DNS systematically...
> >> That works with laptops ( which have not been connected to the lan
> >> last week ), but without reverse ptr too...
> >>
> >> I can see some error in the syslog file :
> >> Nov 16 17:19:39 S4 named[2269]: samba_dlz b9_format: unhandled record
> >> type 0
> >> Nov 16 17:19:53 S4 named[2269]: samba_dlz: starting transaction on
> >> zone ariane.intra
> >> Nov 16 17:19:53 S4 named[2269]: client 172.21.37.104#51400: update
> >> 'ariane.intra/IN' denied
> >> Nov 16 17:19:53 S4 named[2269]: samba_dlz: cancelling transaction on
> >> zone ariane.intra
> >> Nov 16 17:19:53 S4 named[2269]: samba_dlz: starting transaction on
> >> zone ariane.intra
> >> Nov 16 17:19:53 S4 named[2269]: samba_dlz: disallowing update of
> >> signer=l-s4gt963\$\@ARIANE.INTRA name=L-S4GT963.ariane.intra type=A
> >> error=insufficient access rights
> >> Nov 16 17:19:53 S4 named[2269]: client 172.21.37.104#50486: updating
> >> zone 'ariane.intra/NONE': update failed: rejected by secure update
> >> (REFUSED)
> >> Nov 16 17:19:53 S4 named[2269]: samba_dlz: cancelling transaction on
> >> zone ariane.intra
> >>
> >> I identified these potential mistakes and try to resolve it without
> >> better results :
> >> - I was trying to update dns in server1 from the server2 dhcp
> >> - In smb.conf I set allow dns updates = secure ( and not nonsecure
> >> and secure like in the samba wiki )
> >>
> >> Thanks for helping!
> >> Best regards.
> >>
> >> Sam
> >
> > It looks to me as if your windows clients are trying to update their
> > own records, there is a GPO to stop this.
> > You should run dhcp and bind on the same DC. You do not need to change
> > anything in smb.conf if your setup is correct.
> >
> > Rowland
> >
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba