[Samba] Securring DHCP, with DDNS

Sam sr42354 at gmail.com
Mon Feb 1 14:30:22 UTC 2016 

Hi,

Ok it's better like this!:-) The dhcp failover mode works well and 2 
windows 7 client PC are well handled.
They can have an IP and addresses are created/deleted in the DNS 
successfully.

but...
I try to remove my 2 old windows 2000 AD server from the production's 
LAN and put my 2 new Samba4 instead.
The dhcp servers works fine but not really the DDNS.

We have this kind of error for network printers ( they are in DHCP mode ) :

Jan 29 16:19:37 S4 dhcpd: DHCPOFFER on 172.20.4.132 to 00:17:c8:23:6c:65 
(I-LP-10) via eth0
Jan 29 16:19:37 S4 dhcpd: execute_statement argv[0] = 
/etc/dhcp/bin/dhcp-dyndns-debian.sh
Jan 29 16:19:37 S4 dhcpd: execute_statement argv[1] = add
Jan 29 16:19:37 S4 dhcpd: execute_statement argv[2] = 172.20.4.132
Jan 29 16:19:37 S4 dhcpd: execute_statement argv[3] = I-LP-10
Jan 29 16:19:37 S4 dhcpd: execute_statement argv[4] = 0:17:c8:23:6c:65
Jan 29 16:19:37 S4 dhcpd: DHCPREQUEST for 172.20.4.132 (172.20.2.2) from 
00:17:c8:23:6c:65 (I-LP-10) via eth0
Jan 29 16:19:37 S4 dhcpd: DHCPACK on 172.20.4.132 to 00:17:c8:23:6c:65 
(I-LP-10) via eth0
Jan 29 16:19:37 S4 dhcpd: DDNS: adding records for 172.20.4.132 
(I-LP-10.ariane.intra) *FAILED: nsupdate status 2*

Jan 29 16:07:37 S4bis dhcpd: DHCPOFFER on 172.21.34.2 to 
00:17:c8:23:ab:0b (I-MDT-30) via 172.21.34.1
Jan 29 16:07:37 S4bis dhcpd: execute_statement argv[0] = 
/etc/dhcp/bin/dhcp-dyndns-debian.sh
Jan 29 16:07:37 S4bis dhcpd: execute_statement argv[1] = add
Jan 29 16:07:37 S4bis dhcpd: execute_statement argv[2] = 172.21.34.2
Jan 29 16:07:37 S4bis dhcpd: execute_statement argv[3] = I-MDT-30
Jan 29 16:07:37 S4bis dhcpd: execute_statement argv[4] = 0:17:c8:23:ab:b
Jan 29 16:07:37 S4bis dhcpd: DHCPREQUEST for 172.21.34.2 (172.20.2.3) 
from 00:17:c8:23:ab:0b (I-MDT-30) via 172.21.34.1
Jan 29 16:07:37 S4bis dhcpd: DHCPACK on 172.21.34.2 to 00:17:c8:23:ab:0b 
(I-MDT-30) via 172.21.34.1
Jan 29 16:07:37 S4bis dhcpd: DDNS: adding records for 172.21.34.2 
(I-MDT-30.ariane.intra) *FAILED: nsupdate status 1*

and we have this for the client computers :

Jan 29 16:10:26 S4bis dhcpd: execute_statement argv[0] = 
/etc/dhcp/bin/dhcp-dyndns-debian.sh
Jan 29 16:10:26 S4bis dhcpd: execute_statement argv[1] = add
Jan 29 16:10:26 S4bis dhcpd: execute_statement argv[2] = 172.21.33.113
Jan 29 16:10:26 S4bis dhcpd: execute_statement argv[3] = HP-CZC2097TDR
Jan 29 16:10:26 S4bis dhcpd: execute_statement argv[4] = 9c:8e:99:d2:ec:fd
Jan 29 16:10:26 S4bis dhcpd: DHCPREQUEST for 172.21.33.113 from 
9c:8e:99:d2:ec:fd via 172.21.33.1
Jan 29 16:10:26 S4bis dhcpd: DHCPACK on 172.21.33.113 to 
9c:8e:99:d2:ec:fd (HP-CZC2097TDR) via 172.21.33.1
Jan 29 16:10:26 S4bis dhcpd: DDNS: adding records for 172.21.33.113 
(HP-CZC2097TDR.ariane.intra) *FAILED: nsupdate status 1*

Jan 29 16:12:36 S4bis dhcpd: execute_statement argv[0] = 
/etc/dhcp/bin/dhcp-dyndns-debian.sh
Jan 29 16:12:36 S4bis dhcpd: execute_statement argv[1] = add
Jan 29 16:12:36 S4bis dhcpd: execute_statement argv[2] = 172.21.50.17
Jan 29 16:12:36 S4bis dhcpd: execute_statement argv[3] = HP-CZC1279CMV
Jan 29 16:12:36 S4bis dhcpd: execute_statement argv[4] = 98:4b:e1:7d:86:5e
Jan 29 16:12:36 S4bis named[2330]: samba_dlz b9_format: *unhandled 
record type 0*
Jan 29 16:12:36 S4bis dhcpd: DDNS: adding records for 172.21.50.17 
(HP-CZC1279CMV.ariane.intra)*FAILED: nsupdate status 1*
Jan 29 16:12:36 S4bis dhcpd: DHCPREQUEST for 172.21.50.17 from 
98:4b:e1:7d:86:5e via 172.21.50.1
Jan 29 16:12:36 S4bis dhcpd: DHCPACK on 172.21.50.17 to 
98:4b:e1:7d:86:5e (HP-CZC1279CMV) via 172.21.50.1
Jan 29 16:12:36 S4bis dhcpd: execute_statement argv[0] = 
/etc/dhcp/bin/dhcp-dyndns-debian.sh
Jan 29 16:12:36 S4bis dhcpd: execute_statement argv[1] = add
Jan 29 16:12:36 S4bis dhcpd: execute_statement argv[2] = 172.21.50.17
Jan 29 16:12:36 S4bis dhcpd: execute_statement argv[3] = HP-CZC1279CMV
Jan 29 16:12:36 S4bis dhcpd: execute_statement argv[4] = 98:4b:e1:7d:86:5e
Jan 29 16:12:36 S4bis dhcpd: DHCPREQUEST for 172.21.50.17 from 
98:4b:e1:7d:86:5e (HP-CZC1279CMV) via 172.21.50.1
Jan 29 16:12:36 S4bis dhcpd: DHCPACK on 172.21.50.17 to 
98:4b:e1:7d:86:5e (HP-CZC1279CMV) via 172.21.50.1
Jan 29 16:12:36 S4bis named[2330]: samba_dlz b9_format: *unhandled 
record type 0*
Jan 29 16:12:36 S4bis dhcpd: DDNS: adding records for 172.21.50.17 
(HP-CZC1279CMV.ariane.intra) *FAILED: nsupdate status 1**
*
Is it due to a time-lease timming?
also, I wonder if I have to switch "wins support" to off in smb.conf?

Regards

Sam

Le 27/01/2016 14:36, Rowland penny a écrit :
> On 27/01/16 13:24, Sam wrote:
>> Thanks Rowland and Louis! :)
>>
>> Ok I'm going to test the failover mode! ;)
>> Do I need to set the same value for NSRVS in dhcp-dyndns.sh? ( the 
>> first AD server, "S4" for me )
>> Or can I keep
>> NSRVS=S4.ariane.intra on server S4 and
>> NSRVS=S4bis.ariane.intra on server S4bis?
>>
>> It seems to be more secure for me if the first server switch off...
>>
>> Sam
>>
>
> I actually use '127.0.0.1' on both DCs
>
> Rowland
>
>

More information about the samba mailing list