jokie74 at webstatics.de
2019-Aug-13 13:50 UTC
[Samba] Configure DHCP to update DNS records with BIND9
Hello everyone,

I have configured my Samba as AD with BIND9_DLZ as backend and am trying to configure the ISC-DHCP-server to add the leases to BIND_DLZ

As described in the samba wiki:
https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records_with_BIND9

Everything is working fine so far, but I get an error message as shown below in syslog:

Aug 13 14:32:28 SAMBA dhcpd[4635]: DHCPDISCOVER from 60:6d:3c:09:6a:52 (amazon-b550a4de2) via home.lan
Aug 13 14:32:29 SAMBA dhcpd[4635]: DHCPOFFER on 192.168.0.104 to 60:6d:3c:09:6a:52 (amazon-b550a4de2) via home.lan
Aug 13 14:32:29 SAMBA dhcpd[4635]: Commit: IP: 192.168.0.104 DHCID: 60:6d:3c:09:6a:52 Name: amazon-b550a4de2
Aug 13 14:32:29 SAMBA dhcpd[4635]: execute_statement argv[0] = /usr/local/bin/dhcp-dyndns.sh
Aug 13 14:32:29 SAMBA dhcpd[4635]: execute_statement argv[1] = add
Aug 13 14:32:29 SAMBA dhcpd[4635]: execute_statement argv[2] = 192.168.0.104
Aug 13 14:32:29 SAMBA dhcpd[4635]: execute_statement argv[3] = 60:6d:3c:09:6a:52
Aug 13 14:32:29 SAMBA dhcpd[4635]: execute_statement argv[4] = amazon-b550a4de2
Aug 13 14:32:29 SAMBA named[11842]: samba_dlz: allowing update of signer=dhcpduser\@HOME.LAN name=amazon-b550a4de2.HOME.LAN tcpaddr=127.0.0.1 type=A key=365897329.sig-samba.home.lan/160/0
Aug 13 14:32:29 SAMBA named[11842]: samba_dlz: allowing update of signer=dhcpduser\@HOME.LAN name=amazon-b550a4de2.HOME.LAN tcpaddr=127.0.0.1 type=A key=365897329.sig-samba.home.lan/160/0
Aug 13 14:32:29 SAMBA named[11842]: client @0x7f118109b250 127.0.0.1#47097/key dhcpduser\@HOME.LAN: updating zone 'home.lan/NONE': deleting rrset at 'amazon-b550a4de2.HOME.LAN' A
Aug 13 14:32:29 SAMBA named[11842]: client @0x7f118109b250 127.0.0.1#47097/key dhcpduser\@HOME.LAN: updating zone 'home.lan/NONE': adding an RR at 'amazon-b550a4de2.HOME.LAN' A 192.168.0.104
Aug 13 14:32:29 SAMBA named[11842]: client @0x7f118104d710 127.0.0.1#54253/key dhcpduser\@HOME.LAN: signer "dhcpduser\@HOME.LAN" denied
Aug 13 14:32:29 SAMBA named[11842]: client @0x7f118104d710 127.0.0.1#54253/key dhcpduser\@HOME.LAN: update '0.168.192.in-addr.arpa/IN' denied
Aug 13 14:32:29 SAMBA dhcpd: DHCP-DNS Update failed: 02

This is my dhcpd.conf:

ddns-update-style none;
update-static-leases on;
allow unknown-clients;
use-host-decl-names on;
default-lease-time 86400; #24 hours
max-lease-time 86400;
supersede domain-name "home.lan";
prepend domain-name-servers 127.0.0.1;
authoritative;
log-facility local7;

subnet 192.168.0.0 netmask 255.255.255.0 {
    option domain-name "HOME.LAN";
    option domain-name-servers 192.168.0.1;
    option subnet-mask 255.255.255.0;
    option routers 192.168.0.254;
    option netbios-name-servers 192.168.0.1;
    option ntp-servers 192.168.0.1;
    option broadcast-address 192.168.0.255;
    option time-offset 0;
    ddns-domainname "HOME.LAN.";
    ddns-rev-domainname "0.168.192.in-addr.arpa.";
    option ntp-servers 192.168.0.1;
    pool {
        range 192.168.0.100 192.168.0.200;
    }
}

on commit {
    set noname = concat("dhcp-", binary-to-ascii(10, 8, "-", leased-address));
    set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
    set ClientDHCID = concat (
        suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,1,1))),2), ":",
        suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,2,1))),2), ":",
        suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,3,1))),2), ":",
        suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,4,1))),2), ":",
        suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,5,1))),2), ":",
        suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,6,1))),2)
    );
    set ClientName = pick-first-value(option host-name, config-option-host-name, client-name, noname);
    log(concat("Commit: IP: ", ClientIP, " DHCID: ", ClientDHCID, " Name: ", ClientName));
    execute("/usr/local/bin/dhcp-dyndns.sh", "add", ClientIP, ClientDHCID, ClientName);
}

on release {
    set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
    set ClientDHCID = concat (
        suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,1,1))),2), ":",
        suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,2,1))),2), ":",
        suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,3,1))),2), ":",
        suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,4,1))),2), ":",
        suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,5,1))),2), ":",
        suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,6,1))),2)
    );
    log(concat("Release: IP: ", ClientIP));
    execute("/usr/local/bin/dhcp-dyndns.sh", "delete", ClientIP, ClientDHCID);
}

on expiry {
    set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
    # cannot get a ClientMac here, apparently this only works when actually receiving a packet
    log(concat("Expired: IP: ", ClientIP));
    # cannot get a ClientName here, for some reason that always fails
    execute("/usr/local/bin/dhcp-dyndns.sh", "delete", ClientIP, "", "0");
}

Hostname resolution is working for all devices after the IP is provided by the dhcp server.

Please could you help me to find out what is wrong or why I'm getting this error and where it is coming from?

Any help and suggestion is much appreciated. Thank you in advance.

Best regards,
Joerg
L.P.H. van Belle
2019-Aug-13 14:25 UTC
[Samba] Configure DHCP to update DNS records with BIND9
Hai,

Can you post your bind9 config also.
Might be handy because I think you are missing something there.

For example.
named.conf.options

options {
    .....
    // https://wiki.samba.org/index.php/Dns-backend_bind
    // DNS dynamic updates via Kerberos (optional, but recommended)
    //tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab"; // before samba 4.9
    tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab"; // after samba 4.9 or an upgraded samba as of 4.9.
};

include "/etc/bind/rndc.key";
controls {
    inet 127.0.0.1 allow { localhost; } keys { rndc-key;};
    //inet ::1 allow { localhost; } keys { rndc-key;};
};

Greetz,

Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Joerg via samba
> Sent: Tuesday 13 August 2019 15:50
> To: samba at lists.samba.org
> Subject: [Samba] Configure DHCP to update DNS records with BIND9
>
> Hello everyone,
>
> I have configured my Samba as AD with BIND9_DLZ as backend and trying to
> configure the ISC-DHCP-server to add the leases to BIND_DLZ
>
> As described in the samba wiki:
> https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records_with_BIND9
>
> Everything is working fine so far, but I get an error message as shown below
> in syslog:
>
> Aug 13 14:32:28 SAMBA dhcpd[4635]: DHCPDISCOVER from 60:6d:3c:09:6a:52 (amazon-b550a4de2) via home.lan
> Aug 13 14:32:29 SAMBA dhcpd[4635]: DHCPOFFER on 192.168.0.104 to 60:6d:3c:09:6a:52 (amazon-b550a4de2) via home.lan
> Aug 13 14:32:29 SAMBA dhcpd[4635]: Commit: IP: 192.168.0.104 DHCID: 60:6d:3c:09:6a:52 Name: amazon-b550a4de2
> Aug 13 14:32:29 SAMBA dhcpd[4635]: execute_statement argv[0] = /usr/local/bin/dhcp-dyndns.sh
> Aug 13 14:32:29 SAMBA dhcpd[4635]: execute_statement argv[1] = add
> Aug 13 14:32:29 SAMBA dhcpd[4635]: execute_statement argv[2] = 192.168.0.104
> Aug 13 14:32:29 SAMBA dhcpd[4635]: execute_statement argv[3] = 60:6d:3c:09:6a:52
> Aug 13 14:32:29 SAMBA dhcpd[4635]: execute_statement argv[4] = amazon-b550a4de2
> Aug 13 14:32:29 SAMBA named[11842]: samba_dlz: allowing update of signer=dhcpduser\@HOME.LAN name=amazon-b550a4de2.HOME.LAN tcpaddr=127.0.0.1 type=A key=365897329.sig-samba.home.lan/160/0
> Aug 13 14:32:29 SAMBA named[11842]: samba_dlz: allowing update of signer=dhcpduser\@HOME.LAN name=amazon-b550a4de2.HOME.LAN tcpaddr=127.0.0.1 type=A key=365897329.sig-samba.home.lan/160/0
> Aug 13 14:32:29 SAMBA named[11842]: client @0x7f118109b250 127.0.0.1#47097/key dhcpduser\@HOME.LAN: updating zone 'home.lan/NONE': deleting rrset at 'amazon-b550a4de2.HOME.LAN' A
> Aug 13 14:32:29 SAMBA named[11842]: client @0x7f118109b250 127.0.0.1#47097/key dhcpduser\@HOME.LAN: updating zone 'home.lan/NONE': adding an RR at 'amazon-b550a4de2.HOME.LAN' A 192.168.0.104
> Aug 13 14:32:29 SAMBA named[11842]: client @0x7f118104d710 127.0.0.1#54253/key dhcpduser\@HOME.LAN: signer "dhcpduser\@HOME.LAN" denied
> Aug 13 14:32:29 SAMBA named[11842]: client @0x7f118104d710 127.0.0.1#54253/key dhcpduser\@HOME.LAN: update '0.168.192.in-addr.arpa/IN' denied
> Aug 13 14:32:29 SAMBA dhcpd: DHCP-DNS Update failed: 02
>
> This is my dhcpd.conf:
>
> ddns-update-style none;
> update-static-leases on;
> allow unknown-clients;
> use-host-decl-names on;
> default-lease-time 86400; #24 hours
> max-lease-time 86400;
> supersede domain-name "home.lan";
> prepend domain-name-servers 127.0.0.1;
> authoritative;
> log-facility local7;
>
> subnet 192.168.0.0 netmask 255.255.255.0 {
>     option domain-name "HOME.LAN";
>     option domain-name-servers 192.168.0.1;
>     option subnet-mask 255.255.255.0;
>     option routers 192.168.0.254;
>     option netbios-name-servers 192.168.0.1;
>     option ntp-servers 192.168.0.1;
>     option broadcast-address 192.168.0.255;
>     option time-offset 0;
>     ddns-domainname "HOME.LAN.";
>     ddns-rev-domainname "0.168.192.in-addr.arpa.";
>     option ntp-servers 192.168.0.1;
>     pool {
>         range 192.168.0.100 192.168.0.200;
>     }
> }
>
> on commit {
>     set noname = concat("dhcp-", binary-to-ascii(10, 8, "-", leased-address));
>     set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
>     set ClientDHCID = concat (
>         suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,1,1))),2), ":",
>         suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,2,1))),2), ":",
>         suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,3,1))),2), ":",
>         suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,4,1))),2), ":",
>         suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,5,1))),2), ":",
>         suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,6,1))),2)
>     );
>     set ClientName = pick-first-value(option host-name, config-option-host-name, client-name, noname);
>     log(concat("Commit: IP: ", ClientIP, " DHCID: ", ClientDHCID, " Name: ", ClientName));
>     execute("/usr/local/bin/dhcp-dyndns.sh", "add", ClientIP, ClientDHCID, ClientName);
> }
>
> on release {
>     set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
>     set ClientDHCID = concat (
>         suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,1,1))),2), ":",
>         suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,2,1))),2), ":",
>         suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,3,1))),2), ":",
>         suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,4,1))),2), ":",
>         suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,5,1))),2), ":",
>         suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,6,1))),2)
>     );
>     log(concat("Release: IP: ", ClientIP));
>     execute("/usr/local/bin/dhcp-dyndns.sh", "delete", ClientIP, ClientDHCID);
> }
>
> on expiry {
>     set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
>     # cannot get a ClientMac here, apparently this only works when actually receiving a packet
>     log(concat("Expired: IP: ", ClientIP));
>     # cannot get a ClientName here, for some reason that always fails
>     execute("/usr/local/bin/dhcp-dyndns.sh", "delete", ClientIP, "", "0");
> }
>
> Hostname resolution is working for all devices after the IP is provided by
> the dhcp server.
>
> Please could you help me to find out what is wrong or why I'm getting this
> error and where it is coming from?
>
> Any help and suggestion is much appreciated. Thank you in advance.
>
> Best regards,
> Joerg
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
Rowland penny
2019-Aug-13 15:05 UTC
[Samba] Configure DHCP to update DNS records with BIND9
On 13/08/2019 14:50, Joerg via samba wrote:
> Hello everyone,
>
> I have configured my Samba as AD with BIND9_DLZ as backend and trying to
> configure the ISC-DHCP-server to add the leases to BIND_DLZ
>
> As described in the samba wiki:
> https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records_with_BIND9

No you haven't, you have altered the top by adding lines that have never been tested, they may work but are not supported

> Everything is working fine so far, but I get an error message as shown below
> in syslog:

Again, no it isn't, the updates are failing, what version of Samba? What version of isc-dhcp-server? What version of Bind9? What OS?

Rowland
Rowland penny
2019-Aug-13 17:26 UTC
[Samba] Configure DHCP to update DNS records with BIND9
On 13/08/2019 17:53, jokie74 at webstatics.de wrote:
> Hello,
>
> I implemented the samba on a running Bind9 DHCP environment, so I already had a working BIND9 config with dynamic DNS updates. This is the reason why there are some lines on top.

I suggest you follow the wiki, it is known to work with your Samba version, you can add extra lines after you get it working.

> I am using Ubuntu 18.04
>
> root@SAMBA:~# uname -r
> 4.15.0-55-generic

I actually meant your version of Samba, but never mind, unless you have installed Samba from elsewhere, it will be 4.7.6

> --------------------------------------------
> root@SAMBA:~# apt show bind9
> Package: bind9
> Version: 1:9.11.3+dfsg-1ubuntu1.8
> --------------------------------------------
> root@SAMBA:~# apt show isc-dhcp-server
> Package: isc-dhcp-server
> Version: 4.3.5-3ubuntu7.1
> ----------------------------------------------------------------------
> root@SAMBA:~# cat /etc/bind/named.conf.options
> acl internals {
>     localhost;
>     localnets;
> };

Why set 'acl internals'? You never use it.

> options {
>     directory "/var/cache/bind";
>     notify no;
>     tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
>     empty-zones-enable no;
>
>     forwarders {
>         8.8.4.4;
>         8.8.8.8;
>     };
>
>     allow-query {
>         127.0.0.1;
>         192.168.0.0/24;
>     };
>
>     allow-recursion {
>         127.0.0.1;
>         192.168.0.0/24;
>     };
>
>     allow-transfer {
>         none;
>     };
>
>     dnssec-validation auto;

Change 'dnssec-validation auto;' to 'dnssec-validation no;'

Also add:

    dnssec-enable no;
    dnssec-lookaside no;

>     auth-nxdomain no; # conform to RFC1035

Remove the above, the DC is authoritative.

>     listen-on-v6 { any; };

I would also add something like:

    listen-on port 53 { 192.168.0.6; 127.0.0.1; };

> };
> --------------------------------------------------------------------------------------------
>

Do you have the following in /etc/bind/named.conf.local:

include "/var/lib/samba/private/named.conf";

Rowland
Rowland penny
2019-Aug-13 18:06 UTC
[Samba] Configure DHCP to update DNS records with BIND9
On 13/08/2019 18:56, jokie74 at webstatics.de wrote:
> Hi Rowland,
>
> many thanks for your advice here. Unfortunately I am not a BIND keyuser... I added all what the "How-to" website asked me to

Which 'how-to'?

>
> root@SAMBA:~# cat /etc/bind/named.conf.local
> //
> // Do any local configuration here
> //
>
> // Consider adding the 1918 zones here, if they are not used in your
> // organization
> //include "/etc/bind/zones.rfc1918";
> dlz "AD DNS Zone" {
>     database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_11.so";
> };
>
> Instead of including the samba named.conf, I added the entry directly...

Not a good idea, I would change it to a link

>
> After I configured as you suggested, everything looks good
>
> root@SAMBA:~# cat /var/log/syslog |grep dhcp
> Aug 13 19:46:17 SAMBA dhcpd[21975]: DHCPREQUEST for 192.168.0.105 (192.168.0.1) from 88:71:b1:b4:3d:8e (UPC-TV-BOX-1) via home.lan
> Aug 13 19:46:17 SAMBA dhcpd[21975]: DHCPACK on 192.168.0.105 to 88:71:b1:b4:3d:8e (UPC-TV-BOX-1) via home.lan
> Aug 13 19:47:44 SAMBA dhcpd[21975]: Commit: IP: 192.168.0.120 DHCID: b0:6e:bf:5f:f1:46 Name: BUERO-PC
> Aug 13 19:47:44 SAMBA dhcpd[21975]: execute_statement argv[0] = /usr/local/bin/dhcp-dyndns.sh
> Aug 13 19:47:44 SAMBA dhcpd[21975]: execute_statement argv[1] = add
> Aug 13 19:47:44 SAMBA dhcpd[21975]: execute_statement argv[2] = 192.168.0.120
> Aug 13 19:47:44 SAMBA dhcpd[21975]: execute_statement argv[3] = b0:6e:bf:5f:f1:46
> Aug 13 19:47:44 SAMBA dhcpd[21975]: execute_statement argv[4] = BUERO-PC
> Aug 13 19:47:44 SAMBA named[19244]: samba_dlz: allowing update of signer=dhcpduser\@HOME.LAN name=BUERO-PC.HOME.LAN tcpaddr=127.0.0.1 type=A key=4202548530.sig-samba.home.lan/160/0
> Aug 13 19:47:44 SAMBA named[19244]: samba_dlz: allowing update of signer=dhcpduser\@HOME.LAN name=BUERO-PC.HOME.LAN tcpaddr=127.0.0.1 type=A key=4202548530.sig-samba.home.lan/160/0
> Aug 13 19:47:44 SAMBA named[19244]: client @0x7f0831053330 127.0.0.1#44779/key dhcpduser\@HOME.LAN: updating zone 'home.lan/NONE': deleting rrset at 'BUERO-PC.HOME.LAN' A
> Aug 13 19:47:44 SAMBA named[19244]: client @0x7f0831053330 127.0.0.1#44779/key dhcpduser\@HOME.LAN: updating zone 'home.lan/NONE': adding an RR at 'BUERO-PC.HOME.LAN' A 192.168.0.120
> Aug 13 19:47:44 SAMBA named[19244]: samba_dlz: allowing update of signer=dhcpduser\@HOME.LAN name=120.0.168.192.in-addr.arpa tcpaddr=127.0.0.1 type=PTR key=3686372350.sig-samba.home.lan/160/0
> Aug 13 19:47:44 SAMBA named[19244]: samba_dlz: allowing update of signer=dhcpduser\@HOME.LAN name=120.0.168.192.in-addr.arpa tcpaddr=127.0.0.1 type=PTR key=3686372350.sig-samba.home.lan/160/0
> Aug 13 19:47:44 SAMBA named[19244]: client @0x7f0830fc4fb0 127.0.0.1#46721/key dhcpduser\@HOME.LAN: updating zone '0.168.192.in-addr.arpa/NONE': deleting rrset at '120.0.168.192.in-addr.arpa' PTR
> Aug 13 19:47:44 SAMBA named[19244]: client @0x7f0830fc4fb0 127.0.0.1#46721/key dhcpduser\@HOME.LAN: updating zone '0.168.192.in-addr.arpa/NONE': adding an RR at '120.0.168.192.in-addr.arpa' PTR BUERO-PC.HOME.LAN.
> Aug 13 19:47:44 SAMBA dhcpd: DHCP-DNS Update succeeded
>
> Thanks a lot...

Can I suggest that if you use anything from the Samba wiki, you follow it as closely as possible, it is known to work and if something changes and it stops working, it will get fixed and the wikipage updated.

Now you have got it working, can I introduce you to this web page:

http://apt.van-belle.nl/

There you will find the latest Samba version for Ubuntu 18.04

Rowland
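
Added example, not part of any message in the thread: a Python triage of the named and dhcpd syslog lines posted above, which groups dynamic-update outcomes by signer so that a lease whose A record was written while the reverse-zone update was refused stands out. The function names are assumptions of this example; the sample lines are copied from the first and last posts.

```python
import re

# Message shapes taken from the named/dhcpd syslog excerpts in this thread.
APPLIED = re.compile(
    r"named\[\d+\]: client \S+ \S+/key (?P<signer>[^\s:]+): updating zone "
    r"'(?P<zone>[^'/]+)/\w+': adding an RR at '(?P<name>[^']+)' (?P<rtype>\w+)")
DENIED = re.compile(
    r"named\[\d+\]: client \S+ \S+/key (?P<signer>[^\s:]+): update "
    r"'(?P<zone>[^'/]+)/\w+' denied")
RESULT = re.compile(r"dhcpd(?:\[\d+\])?: DHCP-DNS Update (?P<result>failed|succeeded)")


def _principal(signer):
    # named logs the Kerberos principal with an escaped '@' (dhcpduser\@HOME.LAN).
    return signer.replace("\\@", "@")


def summarize_updates(lines):
    """Return ({signer: {"applied": [...], "denied": [...]}}, [script verdicts])."""
    signers, verdicts = {}, []
    for line in lines:
        if m := APPLIED.search(line):
            entry = signers.setdefault(_principal(m["signer"]), {"applied": [], "denied": []})
            entry["applied"].append((m["zone"].lower(), m["rtype"], m["name"]))
        elif m := DENIED.search(line):
            entry = signers.setdefault(_principal(m["signer"]), {"applied": [], "denied": []})
            entry["denied"].append(m["zone"].lower())
        elif m := RESULT.search(line):
            verdicts.append(m["result"])
    return signers, verdicts


def half_applied(signers):
    """Signers that wrote a record in one zone but were refused in another."""
    return {s: sorted(set(e["denied"])) for s, e in signers.items()
            if e["applied"] and e["denied"]}


# Lines copied from the first post: forward update applied, reverse zone refused.
FAILED_RUN = [
    r"Aug 13 14:32:29 SAMBA named[11842]: client @0x7f118109b250 127.0.0.1#47097/key dhcpduser\@HOME.LAN: updating zone 'home.lan/NONE': adding an RR at 'amazon-b550a4de2.HOME.LAN' A 192.168.0.104",
    r"Aug 13 14:32:29 SAMBA named[11842]: client @0x7f118104d710 127.0.0.1#54253/key dhcpduser\@HOME.LAN: update '0.168.192.in-addr.arpa/IN' denied",
    r"Aug 13 14:32:29 SAMBA dhcpd: DHCP-DNS Update failed: 02",
]
# Lines copied from the last post: both A and PTR updates applied.
FIXED_RUN = [
    r"Aug 13 19:47:44 SAMBA named[19244]: client @0x7f0831053330 127.0.0.1#44779/key dhcpduser\@HOME.LAN: updating zone 'home.lan/NONE': adding an RR at 'BUERO-PC.HOME.LAN' A 192.168.0.120",
    r"Aug 13 19:47:44 SAMBA named[19244]: client @0x7f0830fc4fb0 127.0.0.1#46721/key dhcpduser\@HOME.LAN: updating zone '0.168.192.in-addr.arpa/NONE': adding an RR at '120.0.168.192.in-addr.arpa' PTR BUERO-PC.HOME.LAN.",
    r"Aug 13 19:47:44 SAMBA dhcpd: DHCP-DNS Update succeeded",
]
```

Run against FAILED_RUN, half_applied() names dhcpduser@HOME.LAN with the refused zone 0.168.192.in-addr.arpa; against FIXED_RUN it returns an empty result.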