[Samba] DHCP-DNS problems

Rowland Penny rpenny at samba.org
Mon Dec 18 16:20:55 UTC 2017


On Mon, 18 Dec 2017 15:55:10 +0000
Kristján Valur Jónsson via samba <samba at lists.samba.org> wrote:

> Hello there.
> So, I have a Samba AD setup, with DHCP and samba_dlz setup as
> described in the wiki.
> 
> However, I find that after a while, dynamic DHCPD updates stop
> working. The fix is for me to restart the named server.
> 
> When in this state, I get log messages like:
> 
>  DHCPREQUEST for 192.168.52.232 (192.168.60.2) from 8c:be:be:0d:cf:3c
> (RedmiNote4-Gj?gur) via 192.168.52.253
> Dec 18 15:39:44 dc02 dhcpd: DHCPACK on 192.168.52.232 to
> 8c:be:be:0d:cf:3c (RedmiNote4-Gj?gur) via 192.168.52.253
> Dec 18 15:39:46 dc02 dhcpd: domain is rvx.is
> Dec 18 15:39:46 dc02 dhcpd: doing add
> Dec 18 15:39:46 dc02 dhcpd: update failed: NOTAUTH
> Dec 18 15:39:47 dc02 dhcpd: update failed: NOTAUTH
> Dec 18 15:39:47 dc02 logger: DHCP-DNS Update failed: 22
> 
> 
> In this state, clearing the /tmp/dhcpd-dyndns.cc and/or regenerating
> the /etc/dhcpduser.keytab will not fix things.
> Only restarting the "named" server does, after which I get stuff like:
> Dec 18 15:41:38 dc02 dhcpd: domain is rvx.is
> Dec 18 15:41:38 dc02 dhcpd: doing add
> Dec 18 15:41:39 dc02 named[17215]: samba_dlz: starting transaction on
> zone rvx.is

Even this looks wrong, I would expect something like this:

Dec 18 07:43:59 dc3 dhcpd: DHCPREQUEST for 192.168.0.111 from cc:4e:ec:e9:c8:d3 via eth0
Dec 18 07:43:59 dc3 dhcpd: DHCPACK on 192.168.0.111 to cc:4e:ec:e9:c8:d3 via eth0
Dec 18 07:47:33 dc3 dhcpd: Commit: IP: 192.168.0.88 DHCID: 1:ec:8:6b:c:cb:c2 Name: devstation
Dec 18 07:47:33 dc3 dhcpd: execute_statement argv[0] = /usr/local/bin/dhcp-dyndns.sh
Dec 18 07:47:33 dc3 dhcpd: execute_statement argv[1] = add
Dec 18 07:47:33 dc3 dhcpd: execute_statement argv[2] = 192.168.0.88
Dec 18 07:47:33 dc3 dhcpd: execute_statement argv[3] = 1:ec:8:6b:c:cb:c2
Dec 18 07:47:33 dc3 dhcpd: execute_statement argv[4] = devstation
Dec 18 07:47:33 dc3 named[22890]: samba_dlz: starting transaction on
zone samdom.example.com

You don't seem to have the lines that contain the required info.

> Dec 18 15:41:39 dc02 named[17215]: samba_dlz: allowing update of
> signer=dhcpduser\@RVX.IS name=RedmiNote4-Gj?gur.rvx.is
> tcpaddr=127.0.0.1 type=A key=17359283
> 17.sig-dc02.rvx.is/160/0
> etc...
> 
> I am running centos 7, bind 9.9.4,
> Samba 4.7.3 compiled from sources.
> 
> 
> From what I can gather, /usr/local/bin/dhcpd-dyndns.sh is talking to
> the local samba daemon.

No, the script uses nsupdate to update the records in AD.

>  Samba AD maintains the actual DNS entries.
> Why does the AD need confirmation with the bind daemon to update its
> internal database?  Shouldn't the bind daemon, using samba_dlz, just
> contain the local DC when serving queries?
> 
> Does anybody else have this problem?
>

Not that I am aware.

Can you post (or send them to me direct), the script you are using
(yes, I know it is on the wiki, but I want to check yours), your
dhcpd.conf file and your named.conf file(s).
 
Rowland
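
The comparison made in the reply above (a failing server logging NOTAUTH without the Commit and execute_statement lines, against a server that logs them) can be checked mechanically. This is an added example, not part of the original message and not the wiki script; the function name `summarize` and the sample text are assumptions, the sample being constructed from the two excerpts quoted in the thread.

```python
import re

# Constructed sample built from the two excerpts quoted in the message:
# dc02 is the failing server, dc3 shows the output the reply expects.
SAMPLE = """\
Dec 18 15:39:46 dc02 dhcpd: doing add
Dec 18 15:39:46 dc02 dhcpd: update failed: NOTAUTH
Dec 18 15:39:47 dc02 logger: DHCP-DNS Update failed: 22
Dec 18 07:47:33 dc3 dhcpd: Commit: IP: 192.168.0.88 DHCID: 1:ec:8:6b:c:cb:c2 Name: devstation
Dec 18 07:47:33 dc3 dhcpd: execute_statement argv[0] = /usr/local/bin/dhcp-dyndns.sh
Dec 18 07:47:33 dc3 dhcpd: execute_statement argv[1] = add
Dec 18 07:47:33 dc3 dhcpd: execute_statement argv[2] = 192.168.0.88
Dec 18 07:47:33 dc3 dhcpd: execute_statement argv[3] = 1:ec:8:6b:c:cb:c2
Dec 18 07:47:33 dc3 dhcpd: execute_statement argv[4] = devstation
Dec 18 07:47:33 dc3 named[22890]: samba_dlz: starting transaction on zone samdom.example.com
"""

# syslog prefix: "Mon DD HH:MM:SS host program[pid]: message"
LINE = re.compile(r"^\w{3} +\d+ [\d:]+ (\S+) ([\w.-]+)(?:\[\d+\])?: (.*)$")
ARGV = re.compile(r"^execute_statement argv\[(\d+)\] = (.*)$")

def summarize(text):
    """Per-host counts of the dhcpd/named/logger events seen in the thread."""
    hosts = {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # wrapped continuation lines or unrelated text
        host, prog, msg = m.groups()
        h = hosts.setdefault(host, {"commit": 0, "argv": {}, "notauth": 0,
                                    "script_failed": 0, "dlz_txn": 0})
        arg = ARGV.match(msg)
        if prog == "dhcpd" and msg.startswith("Commit: "):
            h["commit"] += 1
        elif prog == "dhcpd" and arg:
            h["argv"][int(arg.group(1))] = arg.group(2)
        elif prog == "dhcpd" and msg == "update failed: NOTAUTH":
            h["notauth"] += 1
        elif prog == "logger" and msg.startswith("DHCP-DNS Update failed"):
            h["script_failed"] += 1
        elif prog == "named" and "samba_dlz: starting transaction" in msg:
            h["dlz_txn"] += 1
    for h in hosts.values():
        # The reply expects a Commit line plus argv[0]..argv[4] per update.
        h["has_call_info"] = h["commit"] > 0 and set(h["argv"]) >= set(range(5))
    return hosts

if __name__ == "__main__":
    print(summarize(SAMPLE))
```
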


