[Samba] Securring DHCP, with DDNS

Rowland penny rpenny at samba.org
Mon Feb 1 14:44:17 UTC 2016 

On 01/02/16 14:30, Sam wrote:
> Hi,
>
> Ok it's better like this!:-) The dhcp failover mode works well and 2 
> windows 7 client PC are well handled.
> They can have an IP and addresses are created/deleted in the DNS 
> successfully.
>
> but...
> I try to remove my 2 old windows 2000 AD server from the production's 
> LAN and put my 2 new Samba4 instead.
> The dhcp servers works fine but not really the DDNS.
>
> We have this kind of error for network printers ( they are in DHCP 
> mode ) :
>
> Jan 29 16:19:37 S4 dhcpd: DHCPOFFER on 172.20.4.132 to 
> 00:17:c8:23:6c:65 (I-LP-10) via eth0
> Jan 29 16:19:37 S4 dhcpd: execute_statement argv[0] = 
> /etc/dhcp/bin/dhcp-dyndns-debian.sh
> Jan 29 16:19:37 S4 dhcpd: execute_statement argv[1] = add
> Jan 29 16:19:37 S4 dhcpd: execute_statement argv[2] = 172.20.4.132
> Jan 29 16:19:37 S4 dhcpd: execute_statement argv[3] = I-LP-10
> Jan 29 16:19:37 S4 dhcpd: execute_statement argv[4] = 0:17:c8:23:6c:65
> Jan 29 16:19:37 S4 dhcpd: DHCPREQUEST for 172.20.4.132 (172.20.2.2) 
> from 00:17:c8:23:6c:65 (I-LP-10) via eth0
> Jan 29 16:19:37 S4 dhcpd: DHCPACK on 172.20.4.132 to 00:17:c8:23:6c:65 
> (I-LP-10) via eth0
> Jan 29 16:19:37 S4 dhcpd: DDNS: adding records for 172.20.4.132 
> (I-LP-10.ariane.intra) *FAILED: nsupdate status 2*
>
> Jan 29 16:07:37 S4bis dhcpd: DHCPOFFER on 172.21.34.2 to 
> 00:17:c8:23:ab:0b (I-MDT-30) via 172.21.34.1
> Jan 29 16:07:37 S4bis dhcpd: execute_statement argv[0] = 
> /etc/dhcp/bin/dhcp-dyndns-debian.sh
> Jan 29 16:07:37 S4bis dhcpd: execute_statement argv[1] = add
> Jan 29 16:07:37 S4bis dhcpd: execute_statement argv[2] = 172.21.34.2
> Jan 29 16:07:37 S4bis dhcpd: execute_statement argv[3] = I-MDT-30
> Jan 29 16:07:37 S4bis dhcpd: execute_statement argv[4] = 0:17:c8:23:ab:b
> Jan 29 16:07:37 S4bis dhcpd: DHCPREQUEST for 172.21.34.2 (172.20.2.3) 
> from 00:17:c8:23:ab:0b (I-MDT-30) via 172.21.34.1
> Jan 29 16:07:37 S4bis dhcpd: DHCPACK on 172.21.34.2 to 
> 00:17:c8:23:ab:0b (I-MDT-30) via 172.21.34.1
> Jan 29 16:07:37 S4bis dhcpd: DDNS: adding records for 172.21.34.2 
> (I-MDT-30.ariane.intra) *FAILED: nsupdate status 1*
>
> and we have this for the client computers :
>
> Jan 29 16:10:26 S4bis dhcpd: execute_statement argv[0] = 
> /etc/dhcp/bin/dhcp-dyndns-debian.sh
> Jan 29 16:10:26 S4bis dhcpd: execute_statement argv[1] = add
> Jan 29 16:10:26 S4bis dhcpd: execute_statement argv[2] = 172.21.33.113
> Jan 29 16:10:26 S4bis dhcpd: execute_statement argv[3] = HP-CZC2097TDR
> Jan 29 16:10:26 S4bis dhcpd: execute_statement argv[4] = 
> 9c:8e:99:d2:ec:fd
> Jan 29 16:10:26 S4bis dhcpd: DHCPREQUEST for 172.21.33.113 from 
> 9c:8e:99:d2:ec:fd via 172.21.33.1
> Jan 29 16:10:26 S4bis dhcpd: DHCPACK on 172.21.33.113 to 
> 9c:8e:99:d2:ec:fd (HP-CZC2097TDR) via 172.21.33.1
> Jan 29 16:10:26 S4bis dhcpd: DDNS: adding records for 172.21.33.113 
> (HP-CZC2097TDR.ariane.intra) *FAILED: nsupdate status 1*
>
> Jan 29 16:12:36 S4bis dhcpd: execute_statement argv[0] = 
> /etc/dhcp/bin/dhcp-dyndns-debian.sh
> Jan 29 16:12:36 S4bis dhcpd: execute_statement argv[1] = add
> Jan 29 16:12:36 S4bis dhcpd: execute_statement argv[2] = 172.21.50.17
> Jan 29 16:12:36 S4bis dhcpd: execute_statement argv[3] = HP-CZC1279CMV
> Jan 29 16:12:36 S4bis dhcpd: execute_statement argv[4] = 
> 98:4b:e1:7d:86:5e
> Jan 29 16:12:36 S4bis named[2330]: samba_dlz b9_format: *unhandled 
> record type 0*
> Jan 29 16:12:36 S4bis dhcpd: DDNS: adding records for 172.21.50.17 
> (HP-CZC1279CMV.ariane.intra)*FAILED: nsupdate status 1*
> Jan 29 16:12:36 S4bis dhcpd: DHCPREQUEST for 172.21.50.17 from 
> 98:4b:e1:7d:86:5e via 172.21.50.1
> Jan 29 16:12:36 S4bis dhcpd: DHCPACK on 172.21.50.17 to 
> 98:4b:e1:7d:86:5e (HP-CZC1279CMV) via 172.21.50.1
> Jan 29 16:12:36 S4bis dhcpd: execute_statement argv[0] = 
> /etc/dhcp/bin/dhcp-dyndns-debian.sh
> Jan 29 16:12:36 S4bis dhcpd: execute_statement argv[1] = add
> Jan 29 16:12:36 S4bis dhcpd: execute_statement argv[2] = 172.21.50.17
> Jan 29 16:12:36 S4bis dhcpd: execute_statement argv[3] = HP-CZC1279CMV
> Jan 29 16:12:36 S4bis dhcpd: execute_statement argv[4] = 
> 98:4b:e1:7d:86:5e
> Jan 29 16:12:36 S4bis dhcpd: DHCPREQUEST for 172.21.50.17 from 
> 98:4b:e1:7d:86:5e (HP-CZC1279CMV) via 172.21.50.1
> Jan 29 16:12:36 S4bis dhcpd: DHCPACK on 172.21.50.17 to 
> 98:4b:e1:7d:86:5e (HP-CZC1279CMV) via 172.21.50.1
> Jan 29 16:12:36 S4bis named[2330]: samba_dlz b9_format: *unhandled 
> record type 0*
> Jan 29 16:12:36 S4bis dhcpd: DDNS: adding records for 172.21.50.17 
> (HP-CZC1279CMV.ariane.intra) *FAILED: nsupdate status 1**
> *
> Is it due to a time-lease timming?
> also, I wonder if I have to switch "wins support" to off in smb.conf?
>
> Regards
>
> Sam
>
> Le 27/01/2016 14:36, Rowland penny a écrit :
>> On 27/01/16 13:24, Sam wrote:
>>> Thanks Rowland and Louis! :)
>>>
>>> Ok I'm going to test the failover mode! ;)
>>> Do I need to set the same value for NSRVS in dhcp-dyndns.sh? ( the 
>>> first AD server, "S4" for me )
>>> Or can I keep
>>> NSRVS=S4.ariane.intra on server S4 and
>>> NSRVS=S4bis.ariane.intra on server S4bis?
>>>
>>> It seems to be more secure for me if the first server switch off...
>>>
>>> Sam
>>>
>>
>> I actually use '127.0.0.1' on both DCs
>>
>> Rowland
>>
>>
>

You need to stop your windows clients from trying to update their own 
dns records.

Rowland

More information about the samba mailing list