[Samba] Configure DHCP to update DNS records problem

Rowland Penny rpenny at samba.org
Wed Aug 2 16:45:13 UTC 2023



On 02/08/2023 17:14, Chris Nighswonger via samba wrote:
> Hello all,
> 
> After several days of working on this, I'm stuck. Hopefully someone can point out what I'm missing here.
> 
> I'm working with this script to dynamically update my Samba AD DC DNS:
> 
> https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records
> 
> Short of it:
> 
> The script does not update the DNS records due to samba-tool failing for some unknown reason.
> 
> Long of it:
> 
> 1. As seen below, the script runs as the dhcpd user.
> 2. samba-tool executes fine using Kerberos when su'ed as the dhcpd user.
> 3. However, the samba-tool calls inside the script fail.
> 
> Notes:
> 
> 1. I've added a few additional logger lines for my own debugging sanity.
> 2. The DHCP server runs on a separate box from the AD DC server.
> 3. I'm using a user map entry to map the AD user 'dhcpduser' to the system user 'dhcpd'.
> 
> Version info:
> 
> root@S1:/etc/dhcp (master)# lsb_release -a
> No LSB modules are available.
> Distributor ID: Ubuntu
> Description: Ubuntu 14.04.6 LTS
> Release: 14.04
> Codename: trusty
> root@S1:/etc/dhcp (master)# samba-tool -V
> 4.3.11-Ubuntu
> root@S1:/etc/dhcp (master)# /usr/sbin/dhcpd --version
> isc-dhcpd-4.2.4
> 
> 
> Relevant syslog entries:
> 
> Aug 2 10:22:53 S1 dhcpd: execute_statement argv[0] = /usr/local/bin/dhcp-dyndns.sh
> Aug 2 10:22:53 S1 dhcpd: execute_statement argv[1] = add
> Aug 2 10:22:53 S1 dhcpd: execute_statement argv[2] = 192.168.x.x
> Aug 2 10:22:53 S1 dhcpd: execute_statement argv[3] = b8:41:a4:xx:xx:xx
> Aug 2 10:22:53 S1 dhcpd: execute_statement argv[4] = iPhone
> Aug 2 10:22:54 S1 logger: 02-08-23 10:22:54 [dyndns] : Running check for valid kerberos ticket
> Aug 2 10:22:54 S1 logger: I am uid=105(dhcpd) gid=111(dhcpd) groups=111(dhcpd)
> Aug 2 10:22:54 S1 logger: /usr/bin/samba-tool dns query dc1.foo.bar foo.bar iPhone A -k yes
> Aug 2 10:22:55 S1 logger: Results: 0
> Aug 2 10:22:55 S1 logger: A_REC:
> Aug 2 10:22:55 S1 logger: 'A' record changed, updating record.
> Aug 2 10:22:55 S1 logger: /usr/bin/samba-tool dns delete dc1.foo.bar foo.bar iPhone A -k yes
> Aug 2 10:22:55 S1 logger: /usr/bin/samba-tool dns add dc1.foo.bar foo.bar iPhone A 192.168.x.x -k yes
> Aug 2 10:22:56 S1 logger: /usr/bin/samba-tool dns zonelist dc1.foo.bar -k yes --reverse
> Aug 2 10:22:56 S1 logger: ReverseZones:
> Aug 2 10:22:57 S1 logger: No reverse zone found, not updating
> Aug 2 10:22:57 S1 logger: RESULTS: 2:2:0:0
> Aug 2 10:22:57 S1 logger: count: 1
> Aug 2 10:22:57 S1 logger: DHCP-DNS add failed: 2:2:0:0
> Aug 2 10:22:57 S1 dhcpd: execute: /usr/local/bin/dhcp-dyndns.sh exit status 256
> 
> 
> root@S1:/etc/dhcp (master)# ps -ef | egrep -i samba-tool
> dhcpd 13461 13460 0 10:21 ? 00:00:00 /usr/bin/python2.7 /usr/bin/samba-tool dns zonelist dc1.foo.bar -k yes --reverse
> 
> 
> root@S1:/etc/dhcp (master)# su dhcpd
> dhcpd@S1:/etc/dhcp$ id
> uid=105(dhcpd) gid=111(dhcpd) groups=111(dhcpd)
> dhcpd@S1:/etc/dhcp$ /usr/bin/python2.7 /usr/bin/samba-tool dns zonelist dc1.foo.bar -k yes --reverse
> 6 zone(s) found
> 
> pszZoneName : x.168.192.in-addr.arpa
> Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
> ZoneType : DNS_ZONE_TYPE_PRIMARY
> Version : 50
> dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
> pszDpFqdn : DomainDnsZones.foo.bar
> 
> pszZoneName : x.168.192.in-addr.arpa
> Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
> ZoneType : DNS_ZONE_TYPE_PRIMARY
> Version : 50
> dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
> pszDpFqdn : DomainDnsZones.foo.bar
> 
> pszZoneName : x.168.192.in-addr.arpa
> Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
> ZoneType : DNS_ZONE_TYPE_PRIMARY
> Version : 50
> dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
> pszDpFqdn : DomainDnsZones.foo.bar
> 
> pszZoneName : x.168.192.in-addr.arpa
> Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
> ZoneType : DNS_ZONE_TYPE_PRIMARY
> Version : 50
> dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
> pszDpFqdn : DomainDnsZones.foo.bar
> 
> pszZoneName : x.168.192.in-addr.arpa
> Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
> ZoneType : DNS_ZONE_TYPE_PRIMARY
> Version : 50
> dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
> pszDpFqdn : DomainDnsZones.foo.bar
> 
> pszZoneName : x.168.192.in-addr.arpa
> Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
> ZoneType : DNS_ZONE_TYPE_PRIMARY
> Version : 50
> dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
> pszDpFqdn : DomainDnsZones.foo.bar
> dhcpd@S1:/etc/dhcp$ exit
> 
> Kind regards,
> Chris
> 

Why do you have 6 reverse zones called 'x.168.192.in-addr.arpa'?

If the 'x' is a redacted number, why redact it, and why not just use one 
reverse zone: 168.192.in-addr.arpa?

However, the main question is: why are you still using a dead OS? Ubuntu 
14.04 went EOL in 2019 and Samba EOL'd 4.3.11 in 2017.

I am sorry, but I cannot help with this; your setup is just too old.

Rowland


