samba - Nov 2015 - DDNS and DHCP problems

Hello all,

I have two new server samba4, with isc-dhcp and Bind. ( Thanks to Louis 
's scripts )
The AD was migrate from 2 Windows 2000 servers last friday, with a copy 
of them in a private lan.
Today we have shutdown the old windows 2000 server and put the 2 new 
samba4 in place of them.
The problem is that the DHCP does not update the DNS systematically...
That works with laptops ( which have not been connected to the lan last 
week ), but without reverse ptr too...

I can see some error in the syslog file :
Nov 16 17:19:39 S4 named[2269]: samba_dlz b9_format: unhandled record type 0
Nov 16 17:19:53 S4 named[2269]: samba_dlz: starting transaction on zone 
ariane.intra
Nov 16 17:19:53 S4 named[2269]: client 172.21.37.104#51400: update 
'ariane.intra/IN' denied
Nov 16 17:19:53 S4 named[2269]: samba_dlz: cancelling transaction on 
zone ariane.intra
Nov 16 17:19:53 S4 named[2269]: samba_dlz: starting transaction on zone 
ariane.intra
Nov 16 17:19:53 S4 named[2269]: samba_dlz: disallowing update of 
signer=l-s4gt963\$\@ARIANE.INTRA name=L-S4GT963.ariane.intra type=A 
error=insufficient access rights
Nov 16 17:19:53 S4 named[2269]: client 172.21.37.104#50486: updating 
zone 'ariane.intra/NONE': update failed: rejected by secure update
(REFUSED)
Nov 16 17:19:53 S4 named[2269]: samba_dlz: cancelling transaction on 
zone ariane.intra

I identified these potential mistakes and try to resolve it without 
better results :
- I was trying to update dns in server1 from the server2 dhcp
- In smb.conf I set allow dns updates = secure ( and not nonsecure and 
secure like in the samba wiki )

Thanks for helping!
Best regards.

Sam

On 16/11/15 17:12, Sam wrote:
> Hello all,
>
> I have two new server samba4, with isc-dhcp and Bind. ( Thanks to 
> Louis 's scripts )
> The AD was migrate from 2 Windows 2000 servers last friday, with a 
> copy of them in a private lan.
> Today we have shutdown the old windows 2000 server and put the 2 new 
> samba4 in place of them.
> The problem is that the DHCP does not update the DNS systematically...
> That works with laptops ( which have not been connected to the lan 
> last week ), but without reverse ptr too...
>
> I can see some error in the syslog file :
> Nov 16 17:19:39 S4 named[2269]: samba_dlz b9_format: unhandled record 
> type 0
> Nov 16 17:19:53 S4 named[2269]: samba_dlz: starting transaction on 
> zone ariane.intra
> Nov 16 17:19:53 S4 named[2269]: client 172.21.37.104#51400: update 
> 'ariane.intra/IN' denied
> Nov 16 17:19:53 S4 named[2269]: samba_dlz: cancelling transaction on 
> zone ariane.intra
> Nov 16 17:19:53 S4 named[2269]: samba_dlz: starting transaction on 
> zone ariane.intra
> Nov 16 17:19:53 S4 named[2269]: samba_dlz: disallowing update of 
> signer=l-s4gt963\$\@ARIANE.INTRA name=L-S4GT963.ariane.intra type=A 
> error=insufficient access rights
> Nov 16 17:19:53 S4 named[2269]: client 172.21.37.104#50486: updating 
> zone 'ariane.intra/NONE': update failed: rejected by secure update 
> (REFUSED)
> Nov 16 17:19:53 S4 named[2269]: samba_dlz: cancelling transaction on 
> zone ariane.intra
>
> I identified these potential mistakes and try to resolve it without 
> better results :
> - I was trying to update dns in server1 from the server2 dhcp
> - In smb.conf I set allow dns updates = secure ( and not nonsecure and 
> secure like in the samba wiki )
>
> Thanks for helping!
> Best regards.
>
> Sam
It looks to me as if your windows clients are trying to update their own 
records, there is a GPO to stop this.
You should run dhcp and bind on the same DC. You do not need to change 
anything in smb.conf if your setup is correct.

Rowland

Another mistake : The louis's script ddns-kerberos-check.sh was not 
running in hourly.cron directory  ( i make a chmod 770 to resolve that )

to recall here what I did:
- I cloned the Windows 2000 server AD servers on a private network and I 
migrated to samba4
- Meanwhile, users have continued to use the Windows 2000 AD servers on 
the production network
- I replaced the production servers by samba4 servers from the private 
network.

In fact, the online computers when we deleted the windows 2000 servers 
AD are rejected.
If I try a computer created and joined in the new samba4 AD it's working 
too.

Are there some things to set before replacing the old DCs? ( like 
shortening the leases times on the actual DHCP? )
Or must I restart the above migration procedure without leaving the 
running windows 2000 servers for users during that time?

Here is the last extract of syslog :

*for a new linux client :*
Nov 17 13:43:59 S4 dhcpd: data: host_decl_name: not available
Nov 17 13:43:59 S4 dhcpd: execute_statement argv[0] = 
/etc/dhcp/bin/dhcp-dyndns-debian.sh
Nov 17 13:43:59 S4 dhcpd: execute_statement argv[1] = add
Nov 17 13:43:59 S4 dhcpd: execute_statement argv[2] = 172.20.4.28
Nov 17 13:43:59 S4 dhcpd: execute_statement argv[3] = dhcp-172-20-4-28
Nov 17 13:43:59 S4 dhcpd: execute_statement argv[4] = 0:50:56:8f:6:f4
Nov 17 13:43:59 S4 dhcpd: DHCPREQUEST for 172.20.4.28 from 
00:50:56:8f:06:f4 via eth0
Nov 17 13:43:59 S4 dhcpd: DHCPACK on 172.20.4.28 to 00:50:56:8f:06:f4 
via eth0
Nov 17 13:43:59 S4 named[2309]: samba_dlz: starting transaction on zone 
ariane.intra
Nov 17 13:43:59 S4 named[2309]: samba_dlz: allowing update of 
signer=dhcpd-user\@ARIANE.INTRA name=dhcp-172-20-4-28.ariane.intra 
tcpaddr=172.20.2.2 type=A key=1292405312.sig-s4.ariane.intra/160/0
Nov 17 13:43:59 S4 named[2309]: samba_dlz: allowing update of 
signer=dhcpd-user\@ARIANE.INTRA name=dhcp-172-20-4-28.ariane.intra 
tcpaddr=172.20.2.2 type=A key=1292405312.sig-s4.ariane.intra/160/0
Nov 17 13:43:59 S4 named[2309]: client 172.20.2.2#48911: updating zone 
'ariane.intra/NONE': deleting rrset at
'dhcp-172-20-4-28.ariane.intra' A
Nov 17 13:43:59 S4 named[2309]: samba_dlz: subtracted rdataset 
dhcp-172-20-4-28.ariane.intra 
'dhcp-172-20-4-28.ariane.intra.#0113600#011IN#011A#011172.20.4.28'
Nov 17 13:43:59 S4 named[2309]: client 172.20.2.2#48911: updating zone 
'ariane.intra/NONE': adding an RR at
'dhcp-172-20-4-28.ariane.intra' A
Nov 17 13:43:59 S4 named[2309]: samba_dlz: added rdataset 
dhcp-172-20-4-28.ariane.intra 
'dhcp-172-20-4-28.ariane.intra.#0113600#011IN#011A#011172.20.4.28'
Nov 17 13:43:59 S4 named[2309]: samba_dlz: committed transaction on zone 
ariane.intra
Nov 17 13:43:59 S4 named[2309]: samba_dlz: starting transaction on zone 
4.20.172.in-addr.arpa
Nov 17 13:43:59 S4 named[2309]: samba_dlz: allowing update of 
signer=dhcpd-user\@ARIANE.INTRA name=28.4.20.172.in-addr.arpa 
tcpaddr=172.20.2.2 type=PTR key=2742923346.sig-s4.ariane.intra/160/0
Nov 17 13:43:59 S4 named[2309]: samba_dlz: allowing update of 
signer=dhcpd-user\@ARIANE.INTRA name=28.4.20.172.in-addr.arpa 
tcpaddr=172.20.2.2 type=PTR key=2742923346.sig-s4.ariane.intra/160/0
Nov 17 13:43:59 S4 named[2309]: client 172.20.2.2#55304: updating zone 
'4.20.172.in-addr.arpa/NONE': deleting rrset at 
'28.4.20.172.in-addr.arpa' PTR
Nov 17 13:43:59 S4 named[2309]: samba_dlz: subtracted rdataset 
28.4.20.172.in-addr.arpa 
'28.4.20.172.in-addr.arpa.#0113600#011IN#011PTR#011dhcp-172-20-4-28.ariane.intra.'
Nov 17 13:43:59 S4 named[2309]: client 172.20.2.2#55304: updating zone 
'4.20.172.in-addr.arpa/NONE': adding an RR at
'28.4.20.172.in-addr.arpa' PTR
Nov 17 13:43:59 S4 named[2309]: samba_dlz: added rdataset 
28.4.20.172.in-addr.arpa 
'28.4.20.172.in-addr.arpa.#0113600#011IN#011PTR#011dhcp-172-20-4-28.ariane.intra.'
Nov 17 13:43:59 S4 named[2309]: samba_dlz: committed transaction on zone 
4.20.172.in-addr.arpa
Nov 17 13:43:59 S4 dhcpd: DDNS: adding records for 172.20.4.28 
(dhcp-172-20-4-28.ariane.intra) succeeded

*For a new win7 client**:*
Nov 17 14:10:38 S4 dhcpd: execute_statement argv[0] = 
/etc/dhcp/bin/dhcp-dyndns-debian.sh
Nov 17 14:10:38 S4 dhcpd: execute_statement argv[1] = add
Nov 17 14:10:38 S4 dhcpd: execute_statement argv[2] = 172.20.4.1
Nov 17 14:10:38 S4 dhcpd: execute_statement argv[3] = client7-PC
Nov 17 14:10:38 S4 dhcpd: execute_statement argv[4] = 0:50:56:8f:18:c0
Nov 17 14:10:38 S4 dhcpd: DHCPREQUEST for 172.20.4.1 from 
00:50:56:8f:18:c0 (client7-PC) via eth0
Nov 17 14:10:38 S4 dhcpd: DHCPACK on 172.20.4.1 to 00:50:56:8f:18:c0 
(client7-PC) via eth0
Nov 17 14:10:38 S4 named[2309]: samba_dlz: starting transaction on zone 
ariane.intra
Nov 17 14:10:38 S4 named[2309]: samba_dlz: disallowing update of 
signer=dhcpd-user\@ARIANE.INTRA name=client7-PC.ariane.intra type=A 
error=insufficient access rights
Nov 17 14:10:38 S4 named[2309]: client 172.20.2.2#49326: updating zone 
'ariane.intra/NONE': update failed: rejected by secure update (REFUSED)
Nov 17 14:10:38 S4 named[2309]: samba_dlz: cancelling transaction on 
zone ariane.intra
Nov 17 14:10:38 S4 named[2309]: samba_dlz: starting transaction on zone 
ariane.intra
Nov 17 14:10:38 S4 named[2309]: client 172.20.4.1#60306: update 
'ariane.intra/IN' denied
Nov 17 14:10:38 S4 named[2309]: samba_dlz: cancelling transaction on 
zone ariane.intra
Nov 17 14:10:38 S4 named[2309]: samba_dlz: starting transaction on zone 
4.20.172.in-addr.arpa
Nov 17 14:10:38 S4 named[2309]: samba_dlz: allowing update of 
signer=dhcpd-user\@ARIANE.INTRA name=1.4.20.172.in-addr.arpa 
tcpaddr=172.20.2.2 type=PTR key=3681185047.sig-s4.ariane.intra/160/0
Nov 17 14:10:38 S4 named[2309]: samba_dlz: allowing update of 
signer=dhcpd-user\@ARIANE.INTRA name=1.4.20.172.in-addr.arpa 
tcpaddr=172.20.2.2 type=PTR key=3681185047.sig-s4.ariane.intra/160/0
Nov 17 14:10:38 S4 named[2309]: client 172.20.2.2#35232: updating zone 
'4.20.172.in-addr.arpa/NONE': deleting rrset at 
'1.4.20.172.in-addr.arpa' PTR
Nov 17 14:10:38 S4 named[2309]: samba_dlz: subtracted rdataset 
1.4.20.172.in-addr.arpa 
'1.4.20.172.in-addr.arpa.#0113600#011IN#011PTR#011client7-PC.ariane.intra.'
Nov 17 14:10:38 S4 named[2309]: samba_dlz: starting transaction on zone 
ariane.intra
Nov 17 14:10:38 S4 named[2309]: samba_dlz: transaction already started 
for zone ariane.intra
Nov 17 14:10:38 S4 named[2309]: sdlz newversion on origin ariane.intra 
failed : failure
Nov 17 14:10:38 S4 named[2309]: client 172.20.2.2#35232: updating zone 
'4.20.172.in-addr.arpa/NONE': adding an RR at
'1.4.20.172.in-addr.arpa' PTR
Nov 17 14:10:38 S4 named[2309]: samba_dlz: added rdataset 
1.4.20.172.in-addr.arpa 
'1.4.20.172.in-addr.arpa.#0113600#011IN#011PTR#011client7-PC.ariane.intra.'
Nov 17 14:10:38 S4 named[2309]: samba_dlz: committed transaction on zone 
4.20.172.in-addr.arpa
Nov 17 14:10:38 S4 dhcpd: DDNS: adding records for 172.20.4.1 
(client7-PC.ariane.intra) FAILED: nsupdate status 2
Nov 17 14:10:38 S4 named[2309]: samba_dlz: starting transaction on zone 
ariane.intra
Nov 17 14:10:38 S4 named[2309]: client 172.20.4.1#51087: update 
'ariane.intra/IN' denied
Nov 17 14:10:38 S4 named[2309]: samba_dlz: cancelling transaction on 
zone ariane.intra
Nov 17 14:10:38 S4 named[2309]: samba_dlz: starting transaction on zone 
ariane.intra
Nov 17 14:10:38 S4 named[2309]: samba_dlz: allowing update of 
signer=client7-pc\$\@ARIANE.INTRA name=client7-PC.ariane.intra tcpaddr= 
type=AAAA key=260-ms-7.2-1bcc44.6c4f03db-8d28-11e5-ab9f-0050568f18c0/160/0
Nov 17 14:10:38 S4 named[2309]: samba_dlz: allowing update of 
signer=client7-pc\$\@ARIANE.INTRA name=client7-PC.ariane.intra tcpaddr= 
type=A key=260-ms-7.2-1bcc44.6c4f03db-8d28-11e5-ab9f-0050568f18c0/160/0
Nov 17 14:10:38 S4 named[2309]: samba_dlz: allowing update of 
signer=client7-pc\$\@ARIANE.INTRA name=client7-PC.ariane.intra tcpaddr= 
type=A key=260-ms-7.2-1bcc44.6c4f03db-8d28-11e5-ab9f-0050568f18c0/160/0
Nov 17 14:10:38 S4 named[2309]: client 172.20.4.1#60224: updating zone 
'ariane.intra/NONE': deleting rrset at 'client7-PC.ariane.intra'
AAAA
Nov 17 14:10:38 S4 named[2309]: client 172.20.4.1#60224: updating zone 
'ariane.intra/NONE': deleting rrset at 'client7-PC.ariane.intra'
A
Nov 17 14:10:38 S4 named[2309]: samba_dlz: subtracted rdataset 
client7-PC.ariane.intra 
'client7-PC.ariane.intra.#0111200#011IN#011A#011172.20.4.1'
Nov 17 14:10:38 S4 named[2309]: client 172.20.4.1#60224: updating zone 
'ariane.intra/NONE': adding an RR at 'client7-PC.ariane.intra' A
Nov 17 14:10:38 S4 named[2309]: samba_dlz: added rdataset 
client7-PC.ariane.intra 
'client7-PC.ariane.intra.#0111200#011IN#011A#011172.20.4.1'
Nov 17 14:10:38 S4 named[2309]: samba_dlz: committed transaction on zone 
ariane.intra
Nov 17 14:10:38 S4 named[2309]: samba_dlz: starting transaction on zone 
ariane.intraNov 17 14:10:38 S4 named[2309]: client 172.20.4.1#51226: 
update 'ariane.intra/IN' denied
Nov 17 14:10:38 S4 named[2309]: samba_dlz: cancelling transaction on 
zone ariane.intra
Nov 17 14:10:38 S4 named[2309]: samba_dlz: starting transaction on zone 
ariane.intra
Nov 17 14:10:38 S4 named[2309]: samba_dlz: allowing update of 
signer=client7-pc\$\@ARIANE.INTRA name=client7-PC.ariane.intra tcpaddr= 
type=AAAA key=260-ms-7.2-1bcc44.6c4f03db-8d28-11e5-ab9f-0050568f18c0/160/0
Nov 17 14:10:38 S4 named[2309]: samba_dlz: allowing update of 
signer=client7-pc\$\@ARIANE.INTRA name=client7-PC.ariane.intra tcpaddr= 
type=A key=260-ms-7.2-1bcc44.6c4f03db-8d28-11e5-ab9f-0050568f18c0/160/0
Nov 17 14:10:38 S4 named[2309]: samba_dlz: allowing update of 
signer=client7-pc\$\@ARIANE.INTRA name=client7-PC.ariane.intra tcpaddr= 
type=A key=260-ms-7.2-1bcc44.6c4f03db-8d28-11e5-ab9f-0050568f18c0/160/0
Nov 17 14:10:38 S4 named[2309]: client 172.20.4.1#58165: updating zone 
'ariane.intra/NONE': deleting rrset at 'client7-PC.ariane.intra'
AAAA
Nov 17 14:10:38 S4 named[2309]: client 172.20.4.1#58165: updating zone 
'ariane.intra/NONE': deleting rrset at 'client7-PC.ariane.intra'
A
Nov 17 14:10:38 S4 named[2309]: samba_dlz: subtracted rdataset 
client7-PC.ariane.intra 
'client7-PC.ariane.intra.#0111200#011IN#011A#011172.20.4.1'
Nov 17 14:10:38 S4 named[2309]: client 172.20.4.1#58165: updating zone 
'ariane.intra/NONE': adding an RR at 'client7-PC.ariane.intra' A
Nov 17 14:10:38 S4 named[2309]: samba_dlz: added rdataset 
client7-PC.ariane.intra 
'client7-PC.ariane.intra.#0111200#011IN#011A#011172.20.4.1'
Nov 17 14:10:38 S4 named[2309]: samba_dlz: committed transaction on zone 
ariane.intra

Thanks all!
Sam

Le 16/11/2015 19:12, Rowland Penny a écrit :
> On 16/11/15 17:12, Sam wrote:
>> Hello all,
>>
>> I have two new server samba4, with isc-dhcp and Bind. ( Thanks to 
>> Louis 's scripts )
>> The AD was migrate from 2 Windows 2000 servers last friday, with a 
>> copy of them in a private lan.
>> Today we have shutdown the old windows 2000 server and put the 2 new 
>> samba4 in place of them.
>> The problem is that the DHCP does not update the DNS systematically...
>> That works with laptops ( which have not been connected to the lan 
>> last week ), but without reverse ptr too...
>>
>> I can see some error in the syslog file :
>> Nov 16 17:19:39 S4 named[2269]: samba_dlz b9_format: unhandled record 
>> type 0
>> Nov 16 17:19:53 S4 named[2269]: samba_dlz: starting transaction on 
>> zone ariane.intra
>> Nov 16 17:19:53 S4 named[2269]: client 172.21.37.104#51400: update 
>> 'ariane.intra/IN' denied
>> Nov 16 17:19:53 S4 named[2269]: samba_dlz: cancelling transaction on 
>> zone ariane.intra
>> Nov 16 17:19:53 S4 named[2269]: samba_dlz: starting transaction on 
>> zone ariane.intra
>> Nov 16 17:19:53 S4 named[2269]: samba_dlz: disallowing update of 
>> signer=l-s4gt963\$\@ARIANE.INTRA name=L-S4GT963.ariane.intra type=A 
>> error=insufficient access rights
>> Nov 16 17:19:53 S4 named[2269]: client 172.21.37.104#50486: updating 
>> zone 'ariane.intra/NONE': update failed: rejected by secure
update
>> (REFUSED)
>> Nov 16 17:19:53 S4 named[2269]: samba_dlz: cancelling transaction on 
>> zone ariane.intra
>>
>> I identified these potential mistakes and try to resolve it without 
>> better results :
>> - I was trying to update dns in server1 from the server2 dhcp
>> - In smb.conf I set allow dns updates = secure ( and not nonsecure 
>> and secure like in the samba wiki )
>>
>> Thanks for helping!
>> Best regards.
>>
>> Sam
>
> It looks to me as if your windows clients are trying to update their 
> own records, there is a GPO to stop this.
> You should run dhcp and bind on the same DC. You do not need to change 
> anything in smb.conf if your setup is correct.
>
> Rowland
>

Hai Sam, 

i see. 

samba_dlz: disallowing update of signer=dhcpd-user\@ARIANE.INTRA
name=client7-PC.ariane.intra type=A error=insufficient access rights

try this. 
Poweroff that pc. 
Remove the A and PTR records from DNS. 
Start up again and post that log. 

Or check the owner and rights on the A and PTR records. 
I this there is your error, and probely because of testing out. 

Gr. 

Louis

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Sam
> Verzonden: dinsdag 17 november 2015 16:31
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] DDNS and DHCP problems
> 
> Another mistake : The louis's script ddns-kerberos-check.sh was not
> running in hourly.cron directory  ( i make a chmod 770 to resolve that )
> 
> to recall here what I did:
> - I cloned the Windows 2000 server AD servers on a private network and I
> migrated to samba4
> - Meanwhile, users have continued to use the Windows 2000 AD servers on
> the production network
> - I replaced the production servers by samba4 servers from the private
> network.
> 
> In fact, the online computers when we deleted the windows 2000 servers
> AD are rejected.
> If I try a computer created and joined in the new samba4 AD it's
working
> too.
> 
> Are there some things to set before replacing the old DCs? ( like
> shortening the leases times on the actual DHCP? )
> Or must I restart the above migration procedure without leaving the
> running windows 2000 servers for users during that time?
> 
> Here is the last extract of syslog :
> 
> *for a new linux client :*
> Nov 17 13:43:59 S4 dhcpd: data: host_decl_name: not available
> Nov 17 13:43:59 S4 dhcpd: execute_statement argv[0] >
/etc/dhcp/bin/dhcp-dyndns-debian.sh
> Nov 17 13:43:59 S4 dhcpd: execute_statement argv[1] = add
> Nov 17 13:43:59 S4 dhcpd: execute_statement argv[2] = 172.20.4.28
> Nov 17 13:43:59 S4 dhcpd: execute_statement argv[3] = dhcp-172-20-4-28
> Nov 17 13:43:59 S4 dhcpd: execute_statement argv[4] = 0:50:56:8f:6:f4
> Nov 17 13:43:59 S4 dhcpd: DHCPREQUEST for 172.20.4.28 from
> 00:50:56:8f:06:f4 via eth0
> Nov 17 13:43:59 S4 dhcpd: DHCPACK on 172.20.4.28 to 00:50:56:8f:06:f4
> via eth0
> Nov 17 13:43:59 S4 named[2309]: samba_dlz: starting transaction on zone
> ariane.intra
> Nov 17 13:43:59 S4 named[2309]: samba_dlz: allowing update of
> signer=dhcpd-user\@ARIANE.INTRA name=dhcp-172-20-4-28.ariane.intra
> tcpaddr=172.20.2.2 type=A key=1292405312.sig-s4.ariane.intra/160/0
> Nov 17 13:43:59 S4 named[2309]: samba_dlz: allowing update of
> signer=dhcpd-user\@ARIANE.INTRA name=dhcp-172-20-4-28.ariane.intra
> tcpaddr=172.20.2.2 type=A key=1292405312.sig-s4.ariane.intra/160/0
> Nov 17 13:43:59 S4 named[2309]: client 172.20.2.2#48911: updating zone
> 'ariane.intra/NONE': deleting rrset at
'dhcp-172-20-4-28.ariane.intra' A
> Nov 17 13:43:59 S4 named[2309]: samba_dlz: subtracted rdataset
> dhcp-172-20-4-28.ariane.intra
> 'dhcp-172-20-4-28.ariane.intra.#0113600#011IN#011A#011172.20.4.28'
> Nov 17 13:43:59 S4 named[2309]: client 172.20.2.2#48911: updating zone
> 'ariane.intra/NONE': adding an RR at
'dhcp-172-20-4-28.ariane.intra' A
> Nov 17 13:43:59 S4 named[2309]: samba_dlz: added rdataset
> dhcp-172-20-4-28.ariane.intra
> 'dhcp-172-20-4-28.ariane.intra.#0113600#011IN#011A#011172.20.4.28'
> Nov 17 13:43:59 S4 named[2309]: samba_dlz: committed transaction on zone
> ariane.intra
> Nov 17 13:43:59 S4 named[2309]: samba_dlz: starting transaction on zone
> 4.20.172.in-addr.arpa
> Nov 17 13:43:59 S4 named[2309]: samba_dlz: allowing update of
> signer=dhcpd-user\@ARIANE.INTRA name=28.4.20.172.in-addr.arpa
> tcpaddr=172.20.2.2 type=PTR key=2742923346.sig-s4.ariane.intra/160/0
> Nov 17 13:43:59 S4 named[2309]: samba_dlz: allowing update of
> signer=dhcpd-user\@ARIANE.INTRA name=28.4.20.172.in-addr.arpa
> tcpaddr=172.20.2.2 type=PTR key=2742923346.sig-s4.ariane.intra/160/0
> Nov 17 13:43:59 S4 named[2309]: client 172.20.2.2#55304: updating zone
> '4.20.172.in-addr.arpa/NONE': deleting rrset at
> '28.4.20.172.in-addr.arpa' PTR
> Nov 17 13:43:59 S4 named[2309]: samba_dlz: subtracted rdataset
> 28.4.20.172.in-addr.arpa
> '28.4.20.172.in-addr.arpa.#0113600#011IN#011PTR#011dhcp-172-20-4-
> 28.ariane.intra.'
> Nov 17 13:43:59 S4 named[2309]: client 172.20.2.2#55304: updating zone
> '4.20.172.in-addr.arpa/NONE': adding an RR at
'28.4.20.172.in-addr.arpa'
> PTR
> Nov 17 13:43:59 S4 named[2309]: samba_dlz: added rdataset
> 28.4.20.172.in-addr.arpa
> '28.4.20.172.in-addr.arpa.#0113600#011IN#011PTR#011dhcp-172-20-4-
> 28.ariane.intra.'
> Nov 17 13:43:59 S4 named[2309]: samba_dlz: committed transaction on zone
> 4.20.172.in-addr.arpa
> Nov 17 13:43:59 S4 dhcpd: DDNS: adding records for 172.20.4.28
> (dhcp-172-20-4-28.ariane.intra) succeeded
> 
> *For a new win7 client**:*
> Nov 17 14:10:38 S4 dhcpd: execute_statement argv[0] >
/etc/dhcp/bin/dhcp-dyndns-debian.sh
> Nov 17 14:10:38 S4 dhcpd: execute_statement argv[1] = add
> Nov 17 14:10:38 S4 dhcpd: execute_statement argv[2] = 172.20.4.1
> Nov 17 14:10:38 S4 dhcpd: execute_statement argv[3] = client7-PC
> Nov 17 14:10:38 S4 dhcpd: execute_statement argv[4] = 0:50:56:8f:18:c0
> Nov 17 14:10:38 S4 dhcpd: DHCPREQUEST for 172.20.4.1 from
> 00:50:56:8f:18:c0 (client7-PC) via eth0
> Nov 17 14:10:38 S4 dhcpd: DHCPACK on 172.20.4.1 to 00:50:56:8f:18:c0
> (client7-PC) via eth0
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: starting transaction on zone
> ariane.intra
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: disallowing update of
> signer=dhcpd-user\@ARIANE.INTRA name=client7-PC.ariane.intra type=A
> error=insufficient access rights
> Nov 17 14:10:38 S4 named[2309]: client 172.20.2.2#49326: updating zone
> 'ariane.intra/NONE': update failed: rejected by secure update
(REFUSED)
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: cancelling transaction on
> zone ariane.intra
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: starting transaction on zone
> ariane.intra
> Nov 17 14:10:38 S4 named[2309]: client 172.20.4.1#60306: update
> 'ariane.intra/IN' denied
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: cancelling transaction on
> zone ariane.intra
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: starting transaction on zone
> 4.20.172.in-addr.arpa
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: allowing update of
> signer=dhcpd-user\@ARIANE.INTRA name=1.4.20.172.in-addr.arpa
> tcpaddr=172.20.2.2 type=PTR key=3681185047.sig-s4.ariane.intra/160/0
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: allowing update of
> signer=dhcpd-user\@ARIANE.INTRA name=1.4.20.172.in-addr.arpa
> tcpaddr=172.20.2.2 type=PTR key=3681185047.sig-s4.ariane.intra/160/0
> Nov 17 14:10:38 S4 named[2309]: client 172.20.2.2#35232: updating zone
> '4.20.172.in-addr.arpa/NONE': deleting rrset at
> '1.4.20.172.in-addr.arpa' PTR
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: subtracted rdataset
> 1.4.20.172.in-addr.arpa
> '1.4.20.172.in-addr.arpa.#0113600#011IN#011PTR#011client7-
> PC.ariane.intra.'
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: starting transaction on zone
> ariane.intra
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: transaction already started
> for zone ariane.intra
> Nov 17 14:10:38 S4 named[2309]: sdlz newversion on origin ariane.intra
> failed : failure
> Nov 17 14:10:38 S4 named[2309]: client 172.20.2.2#35232: updating zone
> '4.20.172.in-addr.arpa/NONE': adding an RR at
'1.4.20.172.in-addr.arpa'
> PTR
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: added rdataset
> 1.4.20.172.in-addr.arpa
> '1.4.20.172.in-addr.arpa.#0113600#011IN#011PTR#011client7-
> PC.ariane.intra.'
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: committed transaction on zone
> 4.20.172.in-addr.arpa
> Nov 17 14:10:38 S4 dhcpd: DDNS: adding records for 172.20.4.1
> (client7-PC.ariane.intra) FAILED: nsupdate status 2
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: starting transaction on zone
> ariane.intra
> Nov 17 14:10:38 S4 named[2309]: client 172.20.4.1#51087: update
> 'ariane.intra/IN' denied
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: cancelling transaction on
> zone ariane.intra
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: starting transaction on zone
> ariane.intra
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: allowing update of
> signer=client7-pc\$\@ARIANE.INTRA name=client7-PC.ariane.intra tcpaddr>
type=AAAA key=260-ms-7.2-1bcc44.6c4f03db-8d28-11e5-ab9f-0050568f18c0/160/0
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: allowing update of
> signer=client7-pc\$\@ARIANE.INTRA name=client7-PC.ariane.intra tcpaddr>
type=A key=260-ms-7.2-1bcc44.6c4f03db-8d28-11e5-ab9f-0050568f18c0/160/0
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: allowing update of
> signer=client7-pc\$\@ARIANE.INTRA name=client7-PC.ariane.intra tcpaddr>
type=A key=260-ms-7.2-1bcc44.6c4f03db-8d28-11e5-ab9f-0050568f18c0/160/0
> Nov 17 14:10:38 S4 named[2309]: client 172.20.4.1#60224: updating zone
> 'ariane.intra/NONE': deleting rrset at
'client7-PC.ariane.intra' AAAA
> Nov 17 14:10:38 S4 named[2309]: client 172.20.4.1#60224: updating zone
> 'ariane.intra/NONE': deleting rrset at
'client7-PC.ariane.intra' A
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: subtracted rdataset
> client7-PC.ariane.intra
> 'client7-PC.ariane.intra.#0111200#011IN#011A#011172.20.4.1'
> Nov 17 14:10:38 S4 named[2309]: client 172.20.4.1#60224: updating zone
> 'ariane.intra/NONE': adding an RR at
'client7-PC.ariane.intra' A
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: added rdataset
> client7-PC.ariane.intra
> 'client7-PC.ariane.intra.#0111200#011IN#011A#011172.20.4.1'
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: committed transaction on zone
> ariane.intra
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: starting transaction on zone
> ariane.intraNov 17 14:10:38 S4 named[2309]: client 172.20.4.1#51226:
> update 'ariane.intra/IN' denied
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: cancelling transaction on
> zone ariane.intra
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: starting transaction on zone
> ariane.intra
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: allowing update of
> signer=client7-pc\$\@ARIANE.INTRA name=client7-PC.ariane.intra tcpaddr>
type=AAAA key=260-ms-7.2-1bcc44.6c4f03db-8d28-11e5-ab9f-0050568f18c0/160/0
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: allowing update of
> signer=client7-pc\$\@ARIANE.INTRA name=client7-PC.ariane.intra tcpaddr>
type=A key=260-ms-7.2-1bcc44.6c4f03db-8d28-11e5-ab9f-0050568f18c0/160/0
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: allowing update of
> signer=client7-pc\$\@ARIANE.INTRA name=client7-PC.ariane.intra tcpaddr>
type=A key=260-ms-7.2-1bcc44.6c4f03db-8d28-11e5-ab9f-0050568f18c0/160/0
> Nov 17 14:10:38 S4 named[2309]: client 172.20.4.1#58165: updating zone
> 'ariane.intra/NONE': deleting rrset at
'client7-PC.ariane.intra' AAAA
> Nov 17 14:10:38 S4 named[2309]: client 172.20.4.1#58165: updating zone
> 'ariane.intra/NONE': deleting rrset at
'client7-PC.ariane.intra' A
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: subtracted rdataset
> client7-PC.ariane.intra
> 'client7-PC.ariane.intra.#0111200#011IN#011A#011172.20.4.1'
> Nov 17 14:10:38 S4 named[2309]: client 172.20.4.1#58165: updating zone
> 'ariane.intra/NONE': adding an RR at
'client7-PC.ariane.intra' A
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: added rdataset
> client7-PC.ariane.intra
> 'client7-PC.ariane.intra.#0111200#011IN#011A#011172.20.4.1'
> Nov 17 14:10:38 S4 named[2309]: samba_dlz: committed transaction on zone
> ariane.intra
> 
> Thanks all!
> Sam
> 
> Le 16/11/2015 19:12, Rowland Penny a écrit :
> > On 16/11/15 17:12, Sam wrote:
> >> Hello all,
> >>
> >> I have two new server samba4, with isc-dhcp and Bind. ( Thanks to
> >> Louis 's scripts )
> >> The AD was migrate from 2 Windows 2000 servers last friday, with a
> >> copy of them in a private lan.
> >> Today we have shutdown the old windows 2000 server and put the 2
new
> >> samba4 in place of them.
> >> The problem is that the DHCP does not update the DNS
systematically...
> >> That works with laptops ( which have not been connected to the lan
> >> last week ), but without reverse ptr too...
> >>
> >> I can see some error in the syslog file :
> >> Nov 16 17:19:39 S4 named[2269]: samba_dlz b9_format: unhandled
record
> >> type 0
> >> Nov 16 17:19:53 S4 named[2269]: samba_dlz: starting transaction on
> >> zone ariane.intra
> >> Nov 16 17:19:53 S4 named[2269]: client 172.21.37.104#51400: update
> >> 'ariane.intra/IN' denied
> >> Nov 16 17:19:53 S4 named[2269]: samba_dlz: cancelling transaction
on
> >> zone ariane.intra
> >> Nov 16 17:19:53 S4 named[2269]: samba_dlz: starting transaction on
> >> zone ariane.intra
> >> Nov 16 17:19:53 S4 named[2269]: samba_dlz: disallowing update of
> >> signer=l-s4gt963\$\@ARIANE.INTRA name=L-S4GT963.ariane.intra
type=A
> >> error=insufficient access rights
> >> Nov 16 17:19:53 S4 named[2269]: client 172.21.37.104#50486:
updating
> >> zone 'ariane.intra/NONE': update failed: rejected by
secure update
> >> (REFUSED)
> >> Nov 16 17:19:53 S4 named[2269]: samba_dlz: cancelling transaction
on
> >> zone ariane.intra
> >>
> >> I identified these potential mistakes and try to resolve it
without
> >> better results :
> >> - I was trying to update dns in server1 from the server2 dhcp
> >> - In smb.conf I set allow dns updates = secure ( and not nonsecure
> >> and secure like in the samba wiki )
> >>
> >> Thanks for helping!
> >> Best regards.
> >>
> >> Sam
> >
> > It looks to me as if your windows clients are trying to update their
> > own records, there is a GPO to stop this.
> > You should run dhcp and bind on the same DC. You do not need to change
> > anything in smb.conf if your setup is correct.
> >
> > Rowland
> >
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba