[Samba] samba_dnsupdate options: --use-samba-tool vs. --use-nsupdate, and dhcpd dynamic updates
Rowland Penny
rpenny at samba.org
Fri Jan 11 16:43:34 UTC 2019
On Fri, 11 Jan 2019 16:13:50 +0000 (UTC)
Billy Bob <billysbobs at yahoo.com> wrote:
>
>
> On Friday, January 11, 2019 3:14 AM, Rowland Penny via samba
> <samba at lists.samba.org> wrote:
> >
> >I have no idea where the above is coming from, but it isn't from
> >the dhcp scripts.
> >
>
> I don't know what to tell you, Rowland. The previous logs were with
> the -d option in place, and those extra lines were what was added as
> a result of the -d option.
>
> Here is what the logs show WITHOUT the -d option:
>
> Jan 11 10:00:36 dc01 dhcpd[1704]: Commit: IP: 172.20.10.165 DHCID: 1:d4:be:d9:22:9f:7d Name: mgmt01
> Jan 11 10:00:36 dc01 dhcpd[1704]: execute_statement argv[0] = /usr/local/bin/dhcp-dyndns.sh
> Jan 11 10:00:36 dc01 dhcpd[1704]: execute_statement argv[1] = add
> Jan 11 10:00:36 dc01 dhcpd[1704]: execute_statement argv[2] = 172.20.10.165
> Jan 11 10:00:36 dc01 dhcpd[1704]: execute_statement argv[3] = 1:d4:be:d9:22:9f:7d
> Jan 11 10:00:36 dc01 dhcpd[1704]: execute_statement argv[4] = mgmt01
> Jan 11 10:00:36 dc01 sh[1704]: dns_tkey_gssnegotiate: TKEY is unacceptable
> Jan 11 10:00:36 dc01 sh[1704]: dns_tkey_gssnegotiate: TKEY is unacceptable
> Jan 11 10:00:36 dc01 dhcpd[1704]: execute: /usr/local/bin/dhcp-dyndns.sh exit status 2816
> Jan 11 10:00:36 dc01 dhcpd[1704]: reuse_lease: lease age 364 (secs) under 25% threshold, reply with unaltered, existing lease for 172.20.10.165
> Jan 11 10:00:36 dc01 dhcpd[1704]: DHCPREQUEST for 172.20.10.165 from d4:be:d9:22:9f:7d (mgmt01) via eno1
> Jan 11 10:00:36 dc01 dhcpd[1704]: DHCPACK on 172.20.10.165 to d4:be:d9:22:9f:7d (mgmt01) via eno1
>

This shows the script is being run with the correct data, but for some
reason, your Kerberos key isn't correct.

What is in your ticket?

Running 'klist -ce /tmp/dhcp-dyndns.cc' on my DC produces this:

Ticket cache: FILE:/tmp/dhcp-dyndns.cc
Default principal: dhcpduser@SAMDOM.EXAMPLE.COM

Valid starting     Expires            Service principal
11/01/19 10:12:50  11/01/19 20:12:50  krbtgt/SAMDOM.EXAMPLE.COM@SAMDOM.EXAMPLE.COM
        renew until 12/01/19 10:12:50, Etype (skey, tkt): aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96
11/01/19 10:12:50  11/01/19 20:12:50  DNS/dc4.samdom.example.com@SAMDOM.EXAMPLE.COM
        renew until 12/01/19 10:12:50, Etype (skey, tkt): arcfour-hmac, arcfour-hmac

And running 'ktutil' produces this:

root@dc4:~# ktutil
ktutil:  rkt /etc/dhcpduser.keytab
ktutil:  l
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
   1    1 dhcpduser@SAMDOM.EXAMPLE.COM
   2    1 dhcpduser@SAMDOM.EXAMPLE.COM
   3    1 dhcpduser@SAMDOM.EXAMPLE.COM
   4    1 dhcpduser@SAMDOM.EXAMPLE.COM
   5    1 dhcpduser@SAMDOM.EXAMPLE.COM
ktutil:  q

I would delete the ticket and keytab, recreate the keytab and then try
again.
Rowland
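
One way to automate the "What is in your ticket?" check from the message above, as an added example that is not part of the original post or of the Samba scripts: it parses `klist -ce` output and reports a wrong default principal, a missing TGT, expired tickets, or a missing DNS/ service ticket. The function names, the day-first date format and the embedded sample (constructed from the output quoted above) are assumptions.

```python
import re
from datetime import datetime

# Constructed sample: the `klist -ce` output quoted in the message above.
SAMPLE = """\
Ticket cache: FILE:/tmp/dhcp-dyndns.cc
Default principal: dhcpduser@SAMDOM.EXAMPLE.COM
Valid starting     Expires            Service principal
11/01/19 10:12:50  11/01/19 20:12:50  krbtgt/SAMDOM.EXAMPLE.COM@SAMDOM.EXAMPLE.COM
        renew until 12/01/19 10:12:50, Etype (skey, tkt): aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96
11/01/19 10:12:50  11/01/19 20:12:50  DNS/dc4.samdom.example.com@SAMDOM.EXAMPLE.COM
        renew until 12/01/19 10:12:50, Etype (skey, tkt): arcfour-hmac, arcfour-hmac
"""

TICKET = re.compile(
    r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d)\s+(\d\d/\d\d/\d\d \d\d:\d\d:\d\d)\s+(\S+)$")
ETYPE = re.compile(r"Etype \(skey, tkt\): (\S+), (\S+)")
FMT = "%d/%m/%y %H:%M:%S"  # assumption: day-first dates, as in the sample

def parse_klist(text):
    """Return (default principal, list of ticket dicts) from klist -ce output."""
    principal, tickets = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Default principal:"):
            principal = line.split(":", 1)[1].strip()
        elif (m := TICKET.match(line)):
            tickets.append({"start": datetime.strptime(m[1], FMT),
                            "expires": datetime.strptime(m[2], FMT),
                            "service": m[3], "etypes": None})
        elif tickets and (m := ETYPE.search(line)):
            tickets[-1]["etypes"] = (m[1], m[2])  # (session key, ticket)
    return principal, tickets

def check_cache(text, user, realm, now):
    """Return a list of problems; an empty list means the cache looks usable."""
    principal, tickets = parse_klist(text)
    problems = []
    if principal != f"{user}@{realm}":
        problems.append(f"default principal is {principal!r}")
    if not any(t["service"] == f"krbtgt/{realm}@{realm}" for t in tickets):
        problems.append("no TGT for realm")
    problems += [f"expired: {t['service']}" for t in tickets if t["expires"] <= now]
    # Assumption: a cache used for a working update holds a DNS/ ticket, as in the sample.
    if not any(t["service"].startswith("DNS/") for t in tickets):
        problems.append("no DNS/ service ticket")
    return problems
```
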