[Samba] can't do dhcp + samba + bind work together

artyom artemko1991 at yandex.ru
Fri May 19 04:19:15 UTC 2017 

Samba - General mailing list wrote
> On Wed, 17 May 2017 21:12:56 -0700 (PDT)
> artyom via samba <

> samba at .samba

> > wrote:
> 
> 
>> >> I use official manual from wiki.samba.org for install samba 4.6.3
>> >> (from source) with bind_dlz on bind 9.9.10 (from source too). My OS
>> >> is Debian Jessie x64 8.8 netinst. I use
>> >>
>> https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records_with_BIND9
>> >> article for dynamic dhcp updates on dns zones. DHCP is working but
>> >> dns updates not: i have this messages on my syslog then dhcpoffer:
>> > 
>> >> named[611]: samba_dlz: committed transaction on zone kch.remel.lan
>> >> May 17 14:32:09 ad1 remel: DHCP-DNS Update failed: 01
>> >>
>> > 
>> > The forward zone is getting updated but the reverse zone isn't, have
>> > you created the reverse zone, it isn't created automatically.
>> > 
>> > Rowland
>  
>> Thanks! Now, then i use 
>> 
>> /etc/dhcp/bin/dhcp-dyndns.sh add 10.10.1.253 01:02:03:04:06:09
>> twofivethree
>>
>> it's work well, no errors, but then i add a client (windows seven) i
>> have:
> 
>> 1:ea:d6:54:12:48:54 May 18 09:10:36 ad1 dhcpd: execute_statement
>> argv[4] = test-pc May 18 09:10:36 ad1 dhcpd:
>> execute: /etc/dhcp/bin/dhcp-dyndns.sh exit status 256
>> May 18 09:10:39 ad1 named[607]: samba_dlz: starting transaction on
>> zone kch.remel.lan
>> May 18 09:10:39 ad1 named[607]: client 10.10.1.0#61811: update
>> 'kch.remel.lan/IN' denied
> 
>> 
>> why it can deny transaction?
> 
> This bit is easy, as I said, the script is failing, the above is from 
> when your clients try to update their own records and get denied. 
> You need to stop your clients trying to update their own records. 
> When it does work, you should see something like this in syslog:
> 
> May 18 06:33:40 member1 named[1980]: samba_dlz: starting transaction on
> zone samdom.example.com
> 
> May 18 06:33:40 member1 named[1980]: samba_dlz: starting transaction on
> zone 0.168.192.in-addr.arpa
> May 18 06:33:40 member1 named[1980]: samba_dlz: allowing update of
> signer=dhcpduser\@SAMDOM.EXAMPLE.COM name=164.0.168.192.in-addr.arpa
> tcpaddr=127.0.0.1 type=PTR
> key=588484016.sig-member1.samdom.example.com/160/0
> 
> May 18 06:33:40 member1 root: DHCP-DNS Update succeeded
> 
> Rowland

I can stop it by unselecting this: ipv4 ->Properties->Advanced ->
DNS Tab -> Register this connection's addresses in DNS?

I know, it looks like an RTFM problem from me, but it's because unsecure
updates from win dns client service? This start to work after I add this pc
to domain. Now I have:

May 18 10:40:38 ad1 named[607]: samba_dlz: starting transaction on zone
kch.remel.lan
May 18 10:40:38 ad1 named[607]: client 10.10.1.0#52807: update
'kch.remel.lan/IN' denied
May 18 10:40:38 ad1 named[607]: samba_dlz: cancelling transaction on zone
kch.remel.lan
May 18 10:40:38 ad1 named[607]: samba_dlz: starting transaction on zone
kch.remel.lan
May 18 10:40:38 ad1 named[607]: samba_dlz: allowing update of
signer=TEST-PC\$\@KCH.REMEL.LAN name=test-pc.kch.remel.lan tcpaddr= type=A
key=1204-ms-7.2-18d02.5706f740-3b8c-11e7-85ab-ead654124854/160/0
---OUT OMITTED-----
May 18 10:40:38 ad1 named[607]: samba_dlz: committed transaction on zone
kch.remel.lan
May 18 10:40:38 ad1 named[607]: samba_dlz: starting transaction on zone
10.10.in-addr.arpa
May 18 10:40:38 ad1 named[607]: client 10.10.1.0#53044: update
'10.10.in-addr.arpa/IN' denied
May 18 10:40:38 ad1 named[607]: samba_dlz: cancelling transaction on zone
10.10.in-addr.arpa
May 18 10:40:38 ad1 named[607]: samba_dlz: starting transaction on zone
10.10.in-addr.arpa
May 18 10:40:38 ad1 named[607]: samba_dlz: allowing update of
signer=TEST-PC\$\@KCH.REMEL.LAN name=0.1.10.10.in-addr.arpa tcpaddr=
type=PTR key=1204-ms-7.2-18d02.5706f740-3b8c-11e7-85ab-ead654124854/160/0
---OUT OMITTED-----
May 18 10:40:38 ad1 named[607]: samba_dlz: committed transaction on zone
10.10.in-addr.arpa

If I understand clearly, the second update (signer=TEST-PC) is a win client
secure dynamic dns update in "domain mode". Whis is something like
transaction conflict?
 



--
View this message in context: http://samba.2283325.n4.nabble.com/can-t-do-dhcp-samba-bind-work-together-tp4718775p4718822.html
Sent from the Samba - General mailing list archive at Nabble.com.

More information about the samba mailing list