[Samba] Securing DHCP, with DDNS

Sam sr42354 at gmail.com
Wed Jan 27 11:03:03 UTC 2016


If I don't use DHCP failover, can you tell me what to do to get the
manual DHCP start method working...

I think I could have made a mistake. This is what I did (I am using Louis's
script from the "old set of script" directory:
https://secure.bazuin.nl/scripts/ ):

- On server S4 : resolv.conf set to S4 first and S4bis in second
- On server S4 : in dhcp-dyndns-debian.sh, NSRVS=*S4*.ariane.intra
- On server S4 : bash install.sh
- On server S4 : osync set to sync dhcpd.conf between the 2 servers
- On server S4bis : resolv.conf set to S4bis first and S4 in second
- On server S4bis : in dhcp-dyndns-debian.sh, NSRVS=*S4bis*.ariane.intra
- On server S4bis : bash install.sh

Am I wrong?

Regards,
Sam



On 26/01/2016 17:15, L.P.H. van Belle wrote:
> Rowland.. the solution to the failover came after we advised to set up with 2 servers and manually start them up..
>
> Maybe it's best we put this on the samba wiki?
> Would help a lot of users.
>
> Greetz,
>
> Louis
>
>> -----Original message-----
>> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Walter Mautner
>> Sent: Tuesday 26 January 2016 17:03
>> To: Sam
>> CC: samba at lists.samba.org
>> Subject: Re: [Samba] Securing DHCP, with DDNS
>>
>> You may have 2 dhcps running, but you have to make sure the lease ranges
>> are different. The first dns server stanza should refer to the server
>> which gets the lease update.
>> For the dns servers you would need to define each other as forwarder,
>> probably by ip range, to be able to resolve the other (half of the) names.
>>
>> --
>> W.Mautner (Walter.mautner at ages.at)
>> +43050555111 IKT Hotline
>>
>>
>>> On 26.01.2016 at 16:33, Sam <sr42354 at gmail.com> wrote:
>>>
>>> Hello All,
>>>
>>> I have 2 Samba4 AD servers with dhcpd and dynamic DNS.
>>> I have understood that for now it's not possible to have 2 DHCP servers running at the same time.
>>> So I would have only one DHCP server running at a time.
>>> If the first server has a problem, I want to manually start the isc-dhcp service on the second to rescue the system.
>>> But it's not working as I expected...
>>>
>>> If I switch off the isc-dhcp service on the first DC and switch it on on the other one, I get these errors:
>>> ipconfig /release
>>> Jan 26 11:41:36 S4 named[2308]: samba_dlz: starting transaction on zone
>> ariane.intra
>>> Jan 26 11:41:36 S4 named[2308]: client 172.20.4.2#54917: update
>> 'ariane.intra/IN' denied
>>> Jan 26 11:41:36 S4 named[2308]: samba_dlz: cancelling transaction on
>> zone ariane.intra
>>> Jan 26 11:41:36 S4 named[2308]: samba_dlz: starting transaction on zone
>> ariane.intra
>>> Jan 26 11:41:36 S4 named[2308]: samba_dlz: disallowing update of
>> signer=client7-pcbis\$\@ARIANE.INTRA name=client7-PCbis.ariane.intra
>> type=A*error=**insufficient access rights*
>>> Jan 26 11:41:36 S4 named[2308]: client 172.20.4.2#65046: updating zone
>> 'ariane.intra/NONE': update failed: rejected by secure update (REFUSED)
>>> Jan 26 11:41:36 S4 named[2308]: samba_dlz: cancelling transaction on
>> zone ariane.intra
>>> ipconfig /renew
>>> Jan 26 11:43:22 S4 dhcpd: DHCPDISCOVER from 00:50:56:8f:55:b6 via eth0
>>> Jan 26 11:43:23 S4 dhcpd: DHCPOFFER on 172.20.4.2 to 00:50:56:8f:55:b6
>> (client7-PCbis) via eth0
>>> Jan 26 11:43:23 S4 dhcpd: execute_statement argv[0] =
>> /etc/dhcp/bin/dhcp-dyndns-debian.sh
>>> Jan 26 11:43:23 S4 dhcpd: execute_statement argv[1] = add
>>> Jan 26 11:43:23 S4 dhcpd: execute_statement argv[2] = 172.20.4.2
>>> Jan 26 11:43:23 S4 dhcpd: execute_statement argv[3] = client7-PCbis
>>> Jan 26 11:43:23 S4 dhcpd: execute_statement argv[4] = 0:50:56:8f:55:b6
>>> Jan 26 11:43:23 S4 dhcpd: DHCPREQUEST for 172.20.4.2 (172.20.2.2) from
>> 00:50:56:8f:55:b6 (client7-PCbis) via eth0
>>> Jan 26 11:43:23 S4 dhcpd: DHCPACK on 172.20.4.2 to 00:50:56:8f:55:b6
>> (client7-PCbis) via eth0
>>> Jan 26 11:43:23 S4 named[2308]: samba_dlz: starting transaction on zone
>> ariane.intra
>>> Jan 26 11:43:23 S4 named[2308]: samba_dlz: allowing update of
>> signer=dhcpd-user\@ARIANE.INTRA name=client7-PCbis.ariane.intra
>> tcpaddr=172.20.2.2 type=A key=1616985151.sig-s4.ariane.intra/160/0
>>> Jan 26 11:43:23 S4 named[2308]: samba_dlz: allowing update of
>> signer=dhcpd-user\@ARIANE.INTRA name=client7-PCbis.ariane.intra
>> tcpaddr=172.20.2.2 type=A key=1616985151.sig-s4.ariane.intra/160/0
>>> Jan 26 11:43:23 S4 named[2308]: client 172.20.2.2#57599: updating zone
>> 'ariane.intra/NONE': deleting rrset at 'client7-PCbis.ariane.intra' A
>>> Jan 26 11:43:23 S4 named[2308]: client 172.20.2.2#57599: updating zone
>> 'ariane.intra/NONE': adding an RR at 'client7-PCbis.ariane.intra' A
>>> Jan 26 11:43:23 S4 named[2308]: samba_dlz: added rdataset client7-
>> PCbis.ariane.intra 'client7-
>> PCbis.ariane.intra.#0113600#011IN#011A#011172.20.4.2'
>>> Jan 26 11:43:23 S4 named[2308]: samba_dlz: subtracted rdataset
>> ariane.intra 'ariane.intra.#0113600#011IN#011SOA#011s4.ariane.intra.
>> admin.ariane.intra. 98438 900 600 86400 3600'
>>> Jan 26 11:43:23 S4 named[2308]: samba_dlz: added rdataset ariane.intra
>> 'ariane.intra.#0113600#011IN#011SOA#011s4.ariane.intra.
>> admin.ariane.intra. 98439 900 600 86400 3600'
>>> Jan 26 11:43:23 S4 named[2308]: samba_dlz: committed transaction on zone
>> ariane.intra
>>> Jan 26 11:43:23 S4 named[2308]: samba_dlz: starting transaction on zone
>> 4.20.172.in-addr.arpa
>>> Jan 26 11:43:23 S4 named[2308]: samba_dlz: allowing update of
>> signer=dhcpd-user\@ARIANE.INTRA name=2.4.20.172.in-addr.arpa
>> tcpaddr=172.20.2.2 type=PTR key=1880656139.sig-s4.ariane.intra/160/0
>>> Jan 26 11:43:23 S4 named[2308]: samba_dlz: allowing update of
>> signer=dhcpd-user\@ARIANE.INTRA name=2.4.20.172.in-addr.arpa
>> tcpaddr=172.20.2.2 type=PTR key=1880656139.sig-s4.ariane.intra/160/0
>>> Jan 26 11:43:23 S4 named[2308]: client 172.20.2.2#39255: updating zone
>> '4.20.172.in-addr.arpa/NONE': deleting rrset at '2.4.20.172.in-addr.arpa'
>> PTR
>>> Jan 26 11:43:23 S4 named[2308]: client 172.20.2.2#39255: updating zone
>> '4.20.172.in-addr.arpa/NONE': adding an RR at '2.4.20.172.in-addr.arpa'
>> PTR
>>> Jan 26 11:43:23 S4 named[2308]: samba_dlz: added rdataset 2.4.20.172.in-
>> addr.arpa '2.4.20.172.in-addr.arpa.#0113600#011IN#011PTR#011client7-
>> PCbis.ariane.intra.'
>>> Jan 26 11:43:23 S4 named[2308]: samba_dlz: subtracted rdataset
>> 4.20.172.in-addr.arpa '4.20.172.in-
>> addr.arpa.#0113600#011IN#011SOA#011s4.ariane.intra. admin.ariane.intra. 34
>> 900 600 86400 3600'
>>> Jan 26 11:43:23 S4 named[2308]: samba_dlz: added rdataset 4.20.172.in-
>> addr.arpa '4.20.172.in-addr.arpa.#0113600#011IN#011SOA#011s4.ariane.intra.
>> admin.ariane.intra. 35 900 600 86400 3600'
>>> Jan 26 11:43:23 S4 named[2308]: samba_dlz: committed transaction on zone
>> 4.20.172.in-addr.arpa
>>> Jan 26 11:43:23 S4 dhcpd: DDNS: adding records for 172.20.4.2 (client7-
>> PCbis.ariane.intra) succeeded
>>> Jan 26 11:43:27 S4 named[2308]: samba_dlz: starting transaction on zone
>> ariane.intra
>>> Jan 26 11:43:27 S4 named[2308]: client 172.20.4.2#49708: update
>> 'ariane.intra/IN' denied
>>> Jan 26 11:43:27 S4 named[2308]: samba_dlz: cancelling transaction on
>> zone ariane.intra
>>> Jan 26 11:43:27 S4 named[2308]: samba_dlz: starting transaction on zone
>> ariane.intra
>>> Jan 26 11:43:27 S4 named[2308]: samba_dlz: disallowing update of
>> signer=client7-pcbis\$\@ARIANE.INTRA name=client7-PCbis.ariane.intra
>> type=AAAA*error=insufficient access rights*
>>> Jan 26 11:43:27 S4 named[2308]: client 172.20.4.2#58780: updating zone
>> 'ariane.intra/NONE': update failed: rejected by secure update (REFUSED)
>>> Jan 26 11:43:27 S4 named[2308]: samba_dlz: cancelling transaction on
>> zone ariane.intra
>>> Jan 26 11:43:27 S4 named[2308]: samba_dlz: starting transaction on zone
>> ariane.intra
>>> Jan 26 11:43:27 S4 named[2308]: client 172.20.4.2#62901: update
>> 'ariane.intra/IN' denied
>>> Jan 26 11:43:27 S4 named[2308]: samba_dlz: cancelling transaction on
>> zone ariane.intra
>>> Jan 26 11:43:27 S4 named[2308]: samba_dlz: starting transaction on zone
>> ariane.intra
>>> Jan 26 11:43:27 S4 named[2308]: samba_dlz: disallowing update of
>> signer=client7-pcbis\$\@ARIANE.INTRA name=client7-PCbis.ariane.intra
>> type=AAAA*error=insufficient access rights*
>>> Jan 26 11:43:27 S4 named[2308]: client 172.20.4.2#60619: updating zone
>> 'ariane.intra/NONE': update failed: rejected by secure update (REFUSED)
>>> Jan 26 11:43:27 S4 named[2308]: samba_dlz: cancelling transaction on
>> zone ariane.intra
>>> Jan 26 11:43:30 S4 dhcpd: DHCPINFORM from 172.20.4.2 via eth0
>>> Jan 26 11:43:30 S4 dhcpd: DHCPACK to 172.20.4.2 (00:50:56:8f:55:b6) via
>> eth0
>>>
>>> How can I start quickly with the second DHCP server without mistakes and without manually removing the DNS entries?
>>> Thank you in advance for the answers!
>>>
>>> Sam
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
>
>
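
Added example, not part of the original thread or of Louis's scripts: a small shell helper that tallies the `samba_dlz` allow/deny decisions in a log like the one quoted above, per signer and record, so it is visible which principal was refused and which was accepted for the same name. The function names are hypothetical, and the sample input is constructed by unwrapping lines from the quoted log.

```shell
#!/bin/sh
# Added example (not from the thread): summarise samba_dlz secure-update
# decisions so refused and accepted signers can be compared per record.

# Print "count decision signer name type" for each distinct decision on stdin.
summarize_dlz() {
  awk '
    /samba_dlz: (dis)?allowing update of/ {
      decision = ($0 ~ /disallowing update/) ? "DENY" : "ALLOW"
      signer = name = type = "?"
      for (i = 1; i <= NF; i++) {
        # Strip the backslash escapes named puts in front of "$" and "@".
        if ($i ~ /^signer=/) { signer = substr($i, 8); gsub(/\\/, "", signer) }
        # DNS names are case-insensitive, so compare them in lower case.
        if ($i ~ /^name=/) { name = tolower(substr($i, 6)) }
        # Keep only the record type, dropping anything glued onto it.
        if ($i ~ /^type=/) { type = substr($i, 6); sub(/[^A-Za-z0-9].*/, "", type) }
      }
      seen[decision " " signer " " name " " type]++
    }
    END { for (k in seen) print seen[k], k }
  ' | LC_ALL=C sort -k2,2 -k3,3 -k5,5
}

# Names for which one update was refused and another accepted.
contested_names() {
  summarize_dlz | awk '
    { d[$4] = d[$4] " " $2 }
    END { for (n in d) if (d[n] ~ /ALLOW/ && d[n] ~ /DENY/) print n }
  ' | LC_ALL=C sort
}

# Constructed sample: lines taken from the log in this thread, unwrapped.
sample_log() {
  cat <<'EOF'
Jan 26 11:41:36 S4 named[2308]: samba_dlz: disallowing update of signer=client7-pcbis\$\@ARIANE.INTRA name=client7-PCbis.ariane.intra type=A error=insufficient access rights
Jan 26 11:43:23 S4 dhcpd: DHCPACK on 172.20.4.2 to 00:50:56:8f:55:b6 (client7-PCbis) via eth0
Jan 26 11:43:23 S4 named[2308]: samba_dlz: allowing update of signer=dhcpd-user\@ARIANE.INTRA name=client7-PCbis.ariane.intra tcpaddr=172.20.2.2 type=A key=1616985151.sig-s4.ariane.intra/160/0
Jan 26 11:43:23 S4 named[2308]: samba_dlz: allowing update of signer=dhcpd-user\@ARIANE.INTRA name=client7-PCbis.ariane.intra tcpaddr=172.20.2.2 type=A key=1616985151.sig-s4.ariane.intra/160/0
Jan 26 11:43:23 S4 named[2308]: samba_dlz: allowing update of signer=dhcpd-user\@ARIANE.INTRA name=2.4.20.172.in-addr.arpa tcpaddr=172.20.2.2 type=PTR key=1880656139.sig-s4.ariane.intra/160/0
Jan 26 11:43:27 S4 named[2308]: samba_dlz: disallowing update of signer=client7-pcbis\$\@ARIANE.INTRA name=client7-PCbis.ariane.intra type=AAAA error=insufficient access rights
Jan 26 11:43:27 S4 named[2308]: samba_dlz: disallowing update of signer=client7-pcbis\$\@ARIANE.INTRA name=client7-PCbis.ariane.intra type=AAAA error=insufficient access rights
EOF
}

sample_log | summarize_dlz
echo "contested: $(sample_log | contested_names)"
```

On a real server the same functions can be fed from the syslog file instead of `sample_log`, for example `summarize_dlz < /var/log/syslog`, where the log path is an assumption about the local setup.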


