[Samba] How to automatically store the macAddress in AD

Pierre, BRIEC pierre.briec at stetherese.net
Wed Mar 20 13:40:22 UTC 2019


Thanks Rowland for your modification.

The process is working fine, as the information is added, but it is wrong.

ex:
Mar 20 14:21:12 yoda2 named[382]: samba_dlz: committed transaction on zone
stetherese.lan
Mar 20 14:21:12 yoda2 root: DHCP-DNS Update failed: 01
Mar 20 14:21:14 yoda2 root: Successfully modified Computer STHE-C-PROFS06
in AD
Mar 20 14:21:14 yoda2 dhcpd[6961]: execute: /usr/local/bin/dhcp-dyndns.sh
exit status 2560
Mar 20 14:21:14 yoda2 dhcpd[6961]: reuse_lease: lease age 7 (secs) under
25% threshold, reply with unaltered, existing lease for 172.16.7.16
Mar 20 14:21:14 yoda2 dhcpd[6961]: DHCPREQUEST for 172.16.7.16 from
90:1b:0e:bb:12:8a (STHE-C-PROFS06) via eth0
Mar 20 14:21:14 yoda2 dhcpd[6961]: DHCPACK on 172.16.7.16 to
90:1b:0e:bb:12:8a (STHE-C-PROFS06) via eth0
Mar 20 14:21:14 yoda2 dhcpd[6961]: Commit: IP: 172.16.7.16 DHCID:
1:90:1b:e:bb:12:8a Name: STHE-C-PROFS06
Mar 20 14:21:14 yoda2 dhcpd[6961]: execute_statement argv[0] =
/usr/local/bin/dhcp-dyndns.sh
Mar 20 14:21:14 yoda2 dhcpd[6961]: execute_statement argv[1] = add
Mar 20 14:21:14 yoda2 dhcpd[6961]: execute_statement argv[2] = 172.16.7.16
Mar 20 14:21:14 yoda2 dhcpd[6961]: execute_statement argv[3] =
1:90:1b:e:bb:12:8a
Mar 20 14:21:14 yoda2 dhcpd[6961]: execute_statement argv[4] =
STHE-C-PROFS06
Mar 20 14:21:14 yoda2 named[382]: samba_dlz: starting transaction on zone
stetherese.lan

The MAC address from DHCPREQUEST is 90:1b:0e:bb:12:8a
and the MAC address in AD is 1:90:1b:e:bb:12:8a (have you noticed the
missing 0, and that 1: is added at the beginning?)

Another example:

Mar 20 14:33:09 yoda2 dhcpd[6961]: Commit: IP: 172.16.7.194 DHCID:
1:c8:1f:66:b0:cb:c9 Name: STHE-C-MULTI29
Mar 20 14:33:09 yoda2 dhcpd[6961]: execute_statement argv[0] =
/usr/local/bin/dhcp-dyndns.sh
Mar 20 14:33:09 yoda2 dhcpd[6961]: execute_statement argv[1] = add
Mar 20 14:33:09 yoda2 dhcpd[6961]: execute_statement argv[2] = 172.16.7.194
Mar 20 14:33:09 yoda2 dhcpd[6961]: execute_statement argv[3] =
1:c8:1f:66:b0:cb:c9
Mar 20 14:33:09 yoda2 dhcpd[6961]: execute_statement argv[4] =
STHE-C-MULTI29
Mar 20 14:33:10 yoda2 named[382]: samba_dlz: starting transaction on zone
stetherese.lan
Mar 20 14:33:10 yoda2 named[382]: samba_dlz: allowing update of
signer=dhcpduser\@STETHERESE.LAN name=STHE-C-MULTI29.stetherese.lan
tcpaddr=127.0.0.1 type=A key=1688105298.sig-yoda2.stetherese.l
                             an/160/0
Mar 20 14:33:10 yoda2 named[382]: samba_dlz: allowing update of
signer=dhcpduser\@STETHERESE.LAN name=STHE-C-MULTI29.stetherese.lan
tcpaddr=127.0.0.1 type=A key=1688105298.sig-yoda2.stetherese.l
                             an/160/0
Mar 20 14:33:10 yoda2 named[382]: client 127.0.0.1#45293/key
dhcpduser\@STETHERESE.LAN: updating zone 'stetherese.lan/NONE': deleting
rrset at 'STHE-C-MULTI29.stetherese.lan' A
Mar 20 14:33:10 yoda2 named[382]: samba_dlz: subtracted rdataset
STHE-C-MULTI29.stetherese.lan
'STHE-C-MULTI29.stetherese.lan.#0113600#011IN#011A#011172.16.7.194'
Mar 20 14:33:10 yoda2 named[382]: client 127.0.0.1#45293/key
dhcpduser\@STETHERESE.LAN: updating zone 'stetherese.lan/NONE': adding an
RR at 'STHE-C-MULTI29.stetherese.lan' A 172.16.7.194
Mar 20 14:33:10 yoda2 named[382]: samba_dlz: added rdataset
STHE-C-MULTI29.stetherese.lan
'STHE-C-MULTI29.stetherese.lan.#0113600#011IN#011A#011172.16.7.194'
Mar 20 14:33:10 yoda2 named[382]: samba_dlz: committed transaction on zone
stetherese.lan
Mar 20 14:33:10 yoda2 root: DHCP-DNS Update failed: 01
Mar 20 14:33:11 yoda2 root: Successfully modified Computer STHE-C-MULTI29
in AD
Mar 20 14:33:11 yoda2 dhcpd[6961]: execute: /usr/local/bin/dhcp-dyndns.sh
exit status 2560
Mar 20 14:33:11 yoda2 dhcpd[6961]: reuse_lease: lease age 840 (secs) under
25% threshold, reply with unaltered, existing lease for 172.16.7.194
Mar 20 14:33:11 yoda2 dhcpd[6961]: DHCPREQUEST for 172.16.7.194 from
c8:1f:66:b0:cb:c9 (STHE-C-MULTI29) via eth0
Mar 20 14:33:11 yoda2 dhcpd[6961]: DHCPACK on 172.16.7.194 to
c8:1f:66:b0:cb:c9 (STHE-C-MULTI29) via eth0
Mar 20 14:33:11 yoda2 named[382]: samba_dlz: starting transaction on zone
stetherese.lan
Mar 20 14:33:11 yoda2 named[382]: client 172.16.7.194#54309: update
'stetherese.lan/IN' denied
Mar 20 14:33:11 yoda2 named[382]: samba_dlz: cancelling transaction on zone
stetherese.lan
Mar 20 14:33:11 yoda2 named[382]: samba_dlz: starting transaction on zone
stetherese.lan
Mar 20 14:33:11 yoda2 named[382]: samba_dlz: allowing update of
signer=STHE-C-MULTI29\$\@STETHERESE.LAN name=STHE-C-MULTI29.stetherese.lan
tcpaddr= type=AAAA key=1660-ms-7.2-d541c.c764b981-4b12-
                       11e9-c8a4-28b2bd47a60c/160/0
Mar 20 14:33:11 yoda2 named[382]: samba_dlz: allowing update of
signer=STHE-C-MULTI29\$\@STETHERESE.LAN name=STHE-C-MULTI29.stetherese.lan
tcpaddr= type=A key=1660-ms-7.2-d541c.c764b981-4b12-11e
                       9-c8a4-28b2bd47a60c/160/0
Mar 20 14:33:11 yoda2 named[382]: samba_dlz: allowing update of
signer=STHE-C-MULTI29\$\@STETHERESE.LAN name=STHE-C-MULTI29.stetherese.lan
tcpaddr= type=A key=1660-ms-7.2-d541c.c764b981-4b12-11e
                       9-c8a4-28b2bd47a60c/160/0
Mar 20 14:33:11 yoda2 named[382]: client 172.16.7.194#57206/key
STHE-C-MULTI29\$\@STETHERESE.LAN: updating zone 'stetherese.lan/NONE':
deleting rrset at 'STHE-C-MULTI29.stetherese.lan' AAAA
Mar 20 14:33:11 yoda2 named[382]: client 172.16.7.194#57206/key
STHE-C-MULTI29\$\@STETHERESE.LAN: updating zone 'stetherese.lan/NONE':
deleting rrset at 'STHE-C-MULTI29.stetherese.lan' A
Mar 20 14:33:11 yoda2 named[382]: samba_dlz: subtracted rdataset
STHE-C-MULTI29.stetherese.lan
'STHE-C-MULTI29.stetherese.lan.#0113600#011IN#011A#011172.16.7.194'
Mar 20 14:33:11 yoda2 named[382]: client 172.16.7.194#57206/key
STHE-C-MULTI29\$\@STETHERESE.LAN: updating zone 'stetherese.lan/NONE':
adding an RR at 'STHE-C-MULTI29.stetherese.lan' A 172.16.7.
                           194
Mar 20 14:33:11 yoda2 named[382]: samba_dlz: added rdataset
STHE-C-MULTI29.stetherese.lan
'STHE-C-MULTI29.stetherese.lan.#0111200#011IN#011A#011172.16.7.194'
Mar 20 14:33:11 yoda2 named[382]: samba_dlz: subtracted rdataset
stetherese.lan
'stetherese.lan.#0113600#011IN#011SOA#011yoda2.stetherese.lan.
hostmaster.stetherese.lan. 28821 900 600 86400 3600
                   '
Mar 20 14:33:11 yoda2 named[382]: samba_dlz: added rdataset stetherese.lan
'stetherese.lan.#0113600#011IN#011SOA#011yoda2.stetherese.lan.
hostmaster.stetherese.lan. 28822 900 600 86400 3600'
Mar 20 14:33:12 yoda2 named[382]: samba_dlz: committed transaction on zone
stetherese.lan

Is it the same for you?
Thanks
Pierre



On Mon, 18 Mar 2019 at 14:29, Rowland Penny via samba <samba at lists.samba.org>
wrote:

> On Mon, 18 Mar 2019 09:16:01 +0100
> Denis Cardon via samba <samba at lists.samba.org> wrote:
>
> > Hi Pierre,
> >
> > > Does someone know a way to automatically store the hwaddress in the
> > > AD? I'm using Veyon in my school to manage the students' PCs and if
> > > the hwaddress is populated in the AD, the Room configuration can be
> > > set with AD otherwise I have to manage rooms manually.
> > > I'm using samba4 with bind and isc-dhcp-server are on the same
> > > server. Can we use scripts or some ways?
> >
> > There is nothing to do that directly integrated in Samba-AD. If you
> > have WAPT installed on your network, you should check the following
> > thread on the WAPT mailing list, the exact same topic on configuring
> > Veyon and macAddress was covered with a simple solution (as long as
> > you have WAPT installed):
> > https://lists.tranquil.it/pipermail/wapt/2019-January/003034.html
> >
> > Cheers,
> >
> > Denis
>
> Hi Denis,
> The only problem with your method is that it will only work for
> Windows clients, having said that, if you only have Windows clients,
> then it isn't a problem ;-)
>
> If you are using Bind9 and updating dns via the script found here:
>
>
> https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records_with_BIND9
>
> You can extend it to do the same thing and this will update all domain
> members, Linux and Windows.
>
> All you need to do is, replace the last line 'exit ${result}' with this:
>
> Hostname=$(hostname -s)
>
> # For this to work, you must add 'dhcpduser' to the 'Domain Admins' group
> Computer_Object=$(ldbsearch -k yes -H ldap://"$Hostname" \
>     "(&(objectclass=computer)(objectclass=ieee802Device)(cn=$name))" |
>     grep -v '#' | grep -v 'ref:')
> if [ -z "$Computer_Object" ]; then
>     # Computer object not found with the 'ieee802Device' objectclass,
>     # does the computer actually exist, it should if it is joined to the
>     # domain.
>     Computer_Object=$(ldbsearch -k yes -H ldap://"$Hostname" \
>         "(&(objectclass=computer)(cn=$name))" | grep -v '#' | grep -v 'ref:')
>     if [ -z "$Computer_Object" ]; then
>         logger "Computer '$name' not found. Exiting."
>         result="${result}68"
>         exit "${result}"
>     else
>         DN=$(echo "$Computer_Object" | grep 'dn:')
>         objldif="$DN
> changetype: modify
> add: objectclass
> objectclass: ieee802Device"
>
>         attrldif="$DN
> changetype: modify
> add: macAddress
> macAddress: $DHCID"
>
>         # add the ldif
>         echo "$objldif" | ldbmodify -k yes -H ldap://"$Hostname"
>         ret="$?"
>         if [ "$ret" -ne 0 ]; then
>             logger "Error modifying Computer objectclass $name in AD."
>             result="${result}${ret}"
>             exit "${result}"
>         fi
>         sleep 2
>         echo "$attrldif" | ldbmodify -k yes -H ldap://"$Hostname"
>         ret="$?"
>         if [ "$ret" -ne 0 ]; then
>             logger "Error modifying Computer attribute $name in AD."
>             result="${result}${ret}"
>             exit "${result}"
>         fi
>         unset objldif
>         unset attrldif
>         logger "Successfully modified Computer $name in AD"
>     fi
> else
>     DN=$(echo "$Computer_Object" | grep 'dn:')
>     attrldif="$DN
> changetype: modify
> replace: macAddress
> macAddress: $DHCID"
>
>     echo "$attrldif" | ldbmodify -k yes -H ldap://"$Hostname"
>     ret="$?"
>     if [ "$ret" -ne 0 ]; then
>         logger "Error modifying Computer attribute $name in AD."
>         result="${result}${ret}"
>         exit "${result}"
>     fi
>     unset attrldif
>     logger "Successfully modified Computer $name in AD"
>     result="${result}0"
> fi
>
> exit ${result}
>
> Add 'dhcpduser' to the 'Domain Admins' group and it should just work.
>
> There are a couple of 'gotchas', it will (obviously) only work for
> clients that get their IP via DHCP and then only if they are joined to
> the domain.
>
> Finally, somebody should tell Veyon that their documentation is wrong,
> there is a standard AD attribute to store a MAC address in.
>
> Rowland
>
>
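
The mismatch reported above (a leading "1:" and a dropped zero in "e"), handled as an added example that is not part of the thread or of the Samba wiki script: a shell helper that turns the value dhcpd passes as argv[3] into a canonical MAC, plus a check on the client-supplied name before it reaches the LDAP filter of a script that runs with 'Domain Admins' rights. The function names and the name policy are assumptions, and the input format is inferred from the "Commit: ... DHCID:" log lines.

```shell
#!/bin/sh
# Added example, not from the thread or the wiki script.
# Assumption: dhcpd passes "<hwtype>:<6 unpadded hex octets>", as in the
# "Commit: ... DHCID: 1:90:1b:e:bb:12:8a" log lines quoted above.

# dhcid_to_mac VALUE: print a canonical aa:bb:cc:dd:ee:ff MAC, or return 1.
dhcid_to_mac() {
    input=$1
    case $input in
        # reject empty input, stray characters and empty fields
        ''|*[!0-9A-Fa-f:]*|:*|*:|*::*) return 1 ;;
    esac
    oldifs=$IFS; IFS=:
    set -- $input             # split on ':' (input holds no glob characters)
    IFS=$oldifs
    [ $# -eq 7 ] || return 1  # hardware type + six octets
    [ "$1" = 1 ] || return 1  # hardware type 1 = Ethernet
    shift
    mac=
    for octet in "$@"; do
        case $octet in
            [0-9A-Fa-f]) octet=0$octet ;;   # restore the dropped leading zero
            [0-9A-Fa-f][0-9A-Fa-f]) ;;
            *) return 1 ;;
        esac
        mac=${mac:+$mac:}$octet
    done
    printf '%s\n' "$mac" | tr 'A-F' 'a-f'
}

# valid_computer_name NAME: allow only characters that cannot alter the
# "(cn=$name)" LDAP filter or the LDIF (assumed policy: DNS-label charset).
valid_computer_name() {
    case $1 in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

# Constructed sample values, copied from the log lines quoted above.
DHCID='1:90:1b:e:bb:12:8a'
name='STHE-C-PROFS06'
if valid_computer_name "$name" && MAC=$(dhcid_to_mac "$DHCID"); then
    echo "macAddress: $MAC"
else
    echo "refusing AD update for this lease" >&2
fi
```

In the quoted script, the LDIF lines would then use "$MAC" in place of "$DHCID", and the script would exit before the first ldbsearch when either check fails.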

