Hello All,

I have 2 samba4 AD servers with dhcpd and dynamic DNS.
I have well understood that for now it's not possible to have 2 DHCP servers running at the same time.
So I would have only one dhcp server running at a time.
If the first server gets a problem I want to manually start the isc-dhcp service on the second to rescue the system.

But it's not working as I expected...

If I switch off the isc-dhcp service on the first DC and switch it on on the other one I get these errors:

ipconfig /release
Jan 26 11:41:36 S4 named[2308]: samba_dlz: starting transaction on zone ariane.intra
Jan 26 11:41:36 S4 named[2308]: client 172.20.4.2#54917: update 'ariane.intra/IN' denied
Jan 26 11:41:36 S4 named[2308]: samba_dlz: cancelling transaction on zone ariane.intra
Jan 26 11:41:36 S4 named[2308]: samba_dlz: starting transaction on zone ariane.intra
Jan 26 11:41:36 S4 named[2308]: samba_dlz: disallowing update of signer=client7-pcbis\$\@ARIANE.INTRA name=client7-PCbis.ariane.intra type=A error=insufficient access rights
Jan 26 11:41:36 S4 named[2308]: client 172.20.4.2#65046: updating zone 'ariane.intra/NONE': update failed: rejected by secure update (REFUSED)
Jan 26 11:41:36 S4 named[2308]: samba_dlz: cancelling transaction on zone ariane.intra

ipconfig /renew
Jan 26 11:43:22 S4 dhcpd: DHCPDISCOVER from 00:50:56:8f:55:b6 via eth0
Jan 26 11:43:23 S4 dhcpd: DHCPOFFER on 172.20.4.2 to 00:50:56:8f:55:b6 (client7-PCbis) via eth0
Jan 26 11:43:23 S4 dhcpd: execute_statement argv[0] = /etc/dhcp/bin/dhcp-dyndns-debian.sh
Jan 26 11:43:23 S4 dhcpd: execute_statement argv[1] = add
Jan 26 11:43:23 S4 dhcpd: execute_statement argv[2] = 172.20.4.2
Jan 26 11:43:23 S4 dhcpd: execute_statement argv[3] = client7-PCbis
Jan 26 11:43:23 S4 dhcpd: execute_statement argv[4] = 0:50:56:8f:55:b6
Jan 26 11:43:23 S4 dhcpd: DHCPREQUEST for 172.20.4.2 (172.20.2.2) from 00:50:56:8f:55:b6 (client7-PCbis) via eth0
Jan 26 11:43:23 S4 dhcpd: DHCPACK on 172.20.4.2 to 00:50:56:8f:55:b6 (client7-PCbis) via eth0
Jan 26 11:43:23 S4 named[2308]: samba_dlz: starting transaction on zone ariane.intra
Jan 26 11:43:23 S4 named[2308]: samba_dlz: allowing update of signer=dhcpd-user\@ARIANE.INTRA name=client7-PCbis.ariane.intra tcpaddr=172.20.2.2 type=A key=1616985151.sig-s4.ariane.intra/160/0
Jan 26 11:43:23 S4 named[2308]: samba_dlz: allowing update of signer=dhcpd-user\@ARIANE.INTRA name=client7-PCbis.ariane.intra tcpaddr=172.20.2.2 type=A key=1616985151.sig-s4.ariane.intra/160/0
Jan 26 11:43:23 S4 named[2308]: client 172.20.2.2#57599: updating zone 'ariane.intra/NONE': deleting rrset at 'client7-PCbis.ariane.intra' A
Jan 26 11:43:23 S4 named[2308]: client 172.20.2.2#57599: updating zone 'ariane.intra/NONE': adding an RR at 'client7-PCbis.ariane.intra' A
Jan 26 11:43:23 S4 named[2308]: samba_dlz: added rdataset client7-PCbis.ariane.intra 'client7-PCbis.ariane.intra.#0113600#011IN#011A#011172.20.4.2'
Jan 26 11:43:23 S4 named[2308]: samba_dlz: subtracted rdataset ariane.intra 'ariane.intra.#0113600#011IN#011SOA#011s4.ariane.intra. admin.ariane.intra. 98438 900 600 86400 3600'
Jan 26 11:43:23 S4 named[2308]: samba_dlz: added rdataset ariane.intra 'ariane.intra.#0113600#011IN#011SOA#011s4.ariane.intra. admin.ariane.intra. 98439 900 600 86400 3600'
Jan 26 11:43:23 S4 named[2308]: samba_dlz: committed transaction on zone ariane.intra
Jan 26 11:43:23 S4 named[2308]: samba_dlz: starting transaction on zone 4.20.172.in-addr.arpa
Jan 26 11:43:23 S4 named[2308]: samba_dlz: allowing update of signer=dhcpd-user\@ARIANE.INTRA name=2.4.20.172.in-addr.arpa tcpaddr=172.20.2.2 type=PTR key=1880656139.sig-s4.ariane.intra/160/0
Jan 26 11:43:23 S4 named[2308]: samba_dlz: allowing update of signer=dhcpd-user\@ARIANE.INTRA name=2.4.20.172.in-addr.arpa tcpaddr=172.20.2.2 type=PTR key=1880656139.sig-s4.ariane.intra/160/0
Jan 26 11:43:23 S4 named[2308]: client 172.20.2.2#39255: updating zone '4.20.172.in-addr.arpa/NONE': deleting rrset at '2.4.20.172.in-addr.arpa' PTR
Jan 26 11:43:23 S4 named[2308]: client 172.20.2.2#39255: updating zone '4.20.172.in-addr.arpa/NONE': adding an RR at '2.4.20.172.in-addr.arpa' PTR
Jan 26 11:43:23 S4 named[2308]: samba_dlz: added rdataset 2.4.20.172.in-addr.arpa '2.4.20.172.in-addr.arpa.#0113600#011IN#011PTR#011client7-PCbis.ariane.intra.'
Jan 26 11:43:23 S4 named[2308]: samba_dlz: subtracted rdataset 4.20.172.in-addr.arpa '4.20.172.in-addr.arpa.#0113600#011IN#011SOA#011s4.ariane.intra. admin.ariane.intra. 34 900 600 86400 3600'
Jan 26 11:43:23 S4 named[2308]: samba_dlz: added rdataset 4.20.172.in-addr.arpa '4.20.172.in-addr.arpa.#0113600#011IN#011SOA#011s4.ariane.intra. admin.ariane.intra. 35 900 600 86400 3600'
Jan 26 11:43:23 S4 named[2308]: samba_dlz: committed transaction on zone 4.20.172.in-addr.arpa
Jan 26 11:43:23 S4 dhcpd: DDNS: adding records for 172.20.4.2 (client7-PCbis.ariane.intra) succeeded
Jan 26 11:43:27 S4 named[2308]: samba_dlz: starting transaction on zone ariane.intra
Jan 26 11:43:27 S4 named[2308]: client 172.20.4.2#49708: update 'ariane.intra/IN' denied
Jan 26 11:43:27 S4 named[2308]: samba_dlz: cancelling transaction on zone ariane.intra
Jan 26 11:43:27 S4 named[2308]: samba_dlz: starting transaction on zone ariane.intra
Jan 26 11:43:27 S4 named[2308]: samba_dlz: disallowing update of signer=client7-pcbis\$\@ARIANE.INTRA name=client7-PCbis.ariane.intra type=AAAA error=insufficient access rights
Jan 26 11:43:27 S4 named[2308]: client 172.20.4.2#58780: updating zone 'ariane.intra/NONE': update failed: rejected by secure update (REFUSED)
Jan 26 11:43:27 S4 named[2308]: samba_dlz: cancelling transaction on zone ariane.intra
Jan 26 11:43:27 S4 named[2308]: samba_dlz: starting transaction on zone ariane.intra
Jan 26 11:43:27 S4 named[2308]: client 172.20.4.2#62901: update 'ariane.intra/IN' denied
Jan 26 11:43:27 S4 named[2308]: samba_dlz: cancelling transaction on zone ariane.intra
Jan 26 11:43:27 S4 named[2308]: samba_dlz: starting transaction on zone ariane.intra
Jan 26 11:43:27 S4 named[2308]: samba_dlz: disallowing update of signer=client7-pcbis\$\@ARIANE.INTRA name=client7-PCbis.ariane.intra type=AAAA error=insufficient access rights
Jan 26 11:43:27 S4 named[2308]: client 172.20.4.2#60619: updating zone 'ariane.intra/NONE': update failed: rejected by secure update (REFUSED)
Jan 26 11:43:27 S4 named[2308]: samba_dlz: cancelling transaction on zone ariane.intra
Jan 26 11:43:30 S4 dhcpd: DHCPINFORM from 172.20.4.2 via eth0
Jan 26 11:43:30 S4 dhcpd: DHCPACK to 172.20.4.2 (00:50:56:8f:55:b6) via eth0

How to start quickly with the second DHCP server without mistakes and without manually removing the DNS entries?

Thank you in advance for the answers!

Sam
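An added example, not part of the original thread: a Python triage of the named/samba_dlz lines quoted in the message above, grouping every secure-update decision by signer and taking the client address for a refused update from the REFUSED line that follows it. The sample lines are copied from that excerpt; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: four decisions copied from the named/samba_dlz excerpt above.
SAMPLE_LOG = r"""
Jan 26 11:41:36 S4 named[2308]: samba_dlz: disallowing update of signer=client7-pcbis\$\@ARIANE.INTRA name=client7-PCbis.ariane.intra type=A error=insufficient access rights
Jan 26 11:41:36 S4 named[2308]: client 172.20.4.2#65046: updating zone 'ariane.intra/NONE': update failed: rejected by secure update (REFUSED)
Jan 26 11:43:23 S4 named[2308]: samba_dlz: allowing update of signer=dhcpd-user\@ARIANE.INTRA name=client7-PCbis.ariane.intra tcpaddr=172.20.2.2 type=A key=1616985151.sig-s4.ariane.intra/160/0
Jan 26 11:43:23 S4 named[2308]: samba_dlz: committed transaction on zone ariane.intra
Jan 26 11:43:23 S4 named[2308]: samba_dlz: allowing update of signer=dhcpd-user\@ARIANE.INTRA name=2.4.20.172.in-addr.arpa tcpaddr=172.20.2.2 type=PTR key=1880656139.sig-s4.ariane.intra/160/0
Jan 26 11:43:27 S4 named[2308]: client 172.20.4.2#49708: update 'ariane.intra/IN' denied
Jan 26 11:43:27 S4 named[2308]: samba_dlz: disallowing update of signer=client7-pcbis\$\@ARIANE.INTRA name=client7-PCbis.ariane.intra type=AAAA error=insufficient access rights
Jan 26 11:43:27 S4 named[2308]: client 172.20.4.2#58780: updating zone 'ariane.intra/NONE': update failed: rejected by secure update (REFUSED)
"""

DECISION = re.compile(r"samba_dlz: (allowing|disallowing) update of (.+)$")
# key=value pairs; a value runs until the next " key=" or the end of the line,
# so "error=insufficient access rights" keeps its spaces.
FIELD = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")
REFUSED = re.compile(r"client ([0-9a-fA-F.:]+)#\d+: updating zone '[^']+': "
                     r"update failed: rejected by secure update \(REFUSED\)")


def parse_decisions(text):
    """Return one record per samba_dlz allow/deny decision, in log order."""
    records, pending = [], None
    for raw in text.splitlines():
        # Mail archives may leave '*' emphasis markers inside a log line; treat them as spaces.
        line = raw.replace("*", " ").strip()
        m = DECISION.search(line)
        if m:
            fields = {k: v.strip() for k, v in FIELD.findall(m.group(2))}
            rec = {
                "allowed": m.group(1) == "allowing",
                # named escapes '$' and '@' in the principal with a backslash; undo that.
                "signer": re.sub(r"\\(.)", r"\1", fields.get("signer", "")),
                "name": fields.get("name", ""),
                "type": fields.get("type", ""),
                "source": fields.get("tcpaddr"),   # only present on allowed updates
                "error": fields.get("error"),
            }
            records.append(rec)
            pending = None if rec["allowed"] else rec
            continue
        m = REFUSED.search(line)
        if m and pending is not None:
            # The deny line carries no address; the REFUSED line right after it does.
            pending["source"] = m.group(1)
            pending = None
    return records


def summarize(records):
    """Per signer: allowed/refused counts, record types and source addresses."""
    summary = defaultdict(lambda: {"allowed": 0, "refused": 0, "types": set(),
                                   "sources": set(), "machine_account": False})
    for rec in records:
        entry = summary[rec["signer"]]
        entry["allowed" if rec["allowed"] else "refused"] += 1
        entry["types"].add(rec["type"])
        if rec["source"]:
            entry["sources"].add(rec["source"])
        # AD machine accounts are named HOST$, so the part before '@' ends in '$'.
        entry["machine_account"] = rec["signer"].split("@")[0].endswith("$")
    return dict(summary)


def contested_names(records):
    """DNS names that one principal may update while another is refused."""
    allowed, refused = defaultdict(set), defaultdict(set)
    for rec in records:
        (allowed if rec["allowed"] else refused)[rec["name"].lower()].add(rec["signer"])
    return {name: {"allowed": sorted(allowed[name]), "refused": sorted(refused[name])}
            for name in allowed.keys() & refused.keys()}


if __name__ == "__main__":
    decisions = parse_decisions(SAMPLE_LOG)
    for signer, info in summarize(decisions).items():
        print(signer, info)
    print("contested:", contested_names(decisions))
```

On the sample, both updates signed by dhcpd-user are allowed and both signed by the client's machine account are refused, so the name client7-PCbis.ariane.intra is reported as contested.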
You may have 2 dhcps running, but you have to make sure the lease ranges are different. The first dns server stanza should refer to the server which gets the lease update.
For the dns servers you would need to define each other as forwarder, probably by ip range, to be able to resolve the other (half of the) names.

--
W.Mautner (Walter.mautner at ages.at)
+43050555111 IKT Hotline
On 26/01/16 15:33, Sam wrote:
> How to start quickly with the second DHCP server without mistakes and
> without manually removing the DNS entries?

You don't, you run both of the dhcp servers in fail-over mode.

Rowland
On 26/01/16 16:03, Walter Mautner wrote:
> You may have 2 dhcps running, but you have to make sure the lease ranges are different. The first dns server stanza should refer to the server which gets the lease update.
> For the dns servers you would need to define each other as forwarder, probably by ip range, to be able to resolve the other (half of the) names.

Wrong. You need to run both dhcp servers in fail-over mode, you can set them up to share the ip-range or for the second to only be used if the first goes down.

Rowland
Rowland.. the solution to the failover came after we advised to set up with 2 servers and manually start them up..

Maybe it's best we put this on the samba wiki?
Would help a lot of users.

Greetz,

Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Walter Mautner
> Sent: Tuesday 26 January 2016 17:03
> To: Sam
> CC: samba at lists.samba.org
> Subject: Re: [Samba] Securring DHCP, with DDNS
>
> You may have 2 dhcps running, but you have to make sure the lease ranges
> are different. The first dns server stanza should refer to the server
> which gets the lease update.
> For the dns servers you would need to define each other as forwarder,
> probably by ip range, to be able to resolve the other (half of the) names.
On 26/01/16 16:15, L.P.H. van Belle wrote:
> Rowland.. the solution to the failover came after we advised to set up with 2 servers and manually start them up..
>
> Maybe it's best we put this on the samba wiki?
> Would help a lot of users.
>
> Greetz,
>
> Louis

I have been thinking about this, but was unsure where to put it, no point in putting it somewhere that Marc has to move it from, so if you are reading this Marc, can you create a holding page where you would like it, point me at it and I will willingly write a page on using DHCP on a DC with Bind9 (it doesn't seem to work with the internal server), with optional fail-over.

Rowland
If I don't use DHCP failover, can you tell me how to do to to have manually dhcp start method working... I think I could made a mistake, this is what i did : ( I using Louis script from "old set of script" directory : https://secure.bazuin.nl/scripts/ ) - On server S4 : resolv.conf set to S4 first and S4bis in second - On server S4 : in dhcp-dyndns-debian.sh, NSRVS=*S4*.ariane.intra - On server S4 : bash install.sh - On server S4 : osync set to sync dhcpd.conf between the 2 servers - On server S4bis : resolv.conf set to S4bis first and S4 in second - On server S4bis : in dhcp-dyndns-debian.sh, NSRVS=*S4bis*.ariane.intra - On server S4bis : bash install.sh Am I wrong? Regards, Sam Le 26/01/2016 17:15, L.P.H. van Belle a écrit :> Rowland.. the solution to the failover came after we advices to setup with 2 servers and manualy start them up.. > > Maybe its best we put this on the samba wiki? > Would help a lot of users. > > Greetz, > > Louis > >> -----Oorspronkelijk bericht----- >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Walter Mautner >> Verzonden: dinsdag 26 januari 2016 17:03 >> Aan: Sam >> CC: samba at lists.samba.org >> Onderwerp: Re: [Samba] Securring DHCP, with DDNS >> >> You may have 2 dhcps running, but you have to make sure the lease ranges >> are different. The first dns server stanza should refer to the server >> which gets the lease update. >> For the dns servers you would need to define each other as forwarder, >> probably by ip range, to be able to resolve the other (half of the) names. >> >> -- >> W.Mautner (Walter.mautner at ages.at) >> +43050555111 IKT Hotline >> >> >>> Am 26.01.2016 um 16:33 schrieb Sam <sr42354 at gmail.com>: >>> >>> Hello All, >>> >>> I have 2 samba4 AD server with dhpd and dynamic DNS. >>> I have well understand that for now it's not possible to have 2 DHCP >> server running in the same time. >>> So I would have at a time only one dhcp server running. 
Ok,

What is causing your problem
> signer=dhcpd-user\@ARIANE.INTRA
> signer=client7-pcbis\$\@ARIANE.INTRA

Your pc is trying to update the dns record and the dhcpd-user.

If you want to use the manual setup, set the GPO that the PC won't update the dns records (a and ptr)

But I do really advise you to set up the dhcp with failover.
This is what I got from Rowland who made the failover work. !!
... did I mention that Rowland made this working :-))
Best guy there is... ;-)

--------------------------------------
Setting Up DHCP Failover

This is based on using two Samba4 AD DCs:

    dc1.samdom.example.com : 192.168.0.5 : primary
    dc2.samdom.example.com : 192.168.0.6 : secondary

The network will be 192.168.0.0/24 and the address pool will be '192.168.0.50 to 192.168.0.229'
No firewall is running

Add the following for the failover peers to the configuration files on the primary:

    failover peer "dhcp-failover" {
      primary;
      address dc1.samdom.example.com;
      port 519;
      peer address dc2.samdom.example.com;
      peer port 520;
      max-response-delay 60;
      max-unacked-updates 10;
      mclt 3600;
      split 128;
      load balance max seconds 3;
    }

..and secondary:

    failover peer "dhcp-failover" {
      secondary;
      address dc2.samdom.example.com;
      port 520;
      peer address dc1.samdom.example.com;
      peer port 519;
      max-response-delay 60;
      max-unacked-updates 10;
      load balance max seconds 3;
    }

Add references for the subnet/pool which will do failover.

    subnet 192.168.0.0 netmask 255.255.255.0 {
      option subnet-mask 255.255.255.0;
      option broadcast-address 192.168.0.255;
      option time-offset 0;
      option routers 192.168.0.1;
      option domain-name "samdom.example.com";
      option domain-name-servers 192.168.0.5, 192.168.0.6;
      option ntp-servers 192.168.0.5, 192.168.0.6;
      pool {
        failover peer "dhcp-failover";
        max-lease-time 1800; # 30 minutes
        range 192.168.0.50 192.168.0.229;
      }
    }

Configure OMAPI and define a secret key.

Generate a random OMAPI key on the primary, using the dnssec-keygen utility distributed with BIND.

    dnssec-keygen -a HMAC-MD5 -b 512 -n USER DHCP_OMAPI

Now extract the actual key:

    cat Kdhcp_omapi.+*.private |grep ^Key|cut -d ' ' -f2-

Add the following to dhcpd.conf on both primary and secondary.

    omapi-port 7911;
    omapi-key omapi_key;

    key omapi_key {
      algorithm hmac-md5;
      secret "PUT_YOUR_KEY_HERE";
    }

Replace PUT_YOUR_KEY_HERE with the key you extracted from the private key created by the dnssec command

Add the following to dhcpd.conf on both machines:

    on commit {
      set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
      set ClientDHCID = binary-to-ascii(16, 8, ":", hardware);
      set ClientName = pick-first-value(option host-name, config-option-host-name, client-name);
      log(concat("Commit: IP: ", ClientIP, " DHCID: ", ClientDHCID, " Name: ", ClientName));
      execute("/etc/dhcp/bin/dhcp-dyndns.sh", "add", ClientIP, ClientDHCID, ClientName);
    }

    on release {
      set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
      set ClientDHCID = binary-to-ascii(16, 8, ":", hardware);
      log(concat("Release: IP: ", ClientIP));
      execute("/etc/dhcp/bin/dhcp-dyndns.sh", "delete", ClientIP, ClientDHCID);
    }

    on expiry {
      set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
      # cannot get a ClientMac here, apparently this only works when actually receiving a packet
      log(concat("Expired: IP: ", ClientIP));
      # cannot get a ClientName here, for some reason that always fails
      execute("/etc/dhcp/bin/dhcp-dyndns.sh", "delete", ClientIP, "", "0");
    }

Restart both servers to apply the configuration changes.

If OMAPI is working properly you can test failover by stopping the primary server.

Once you are sure everything is working as expected, restart both servers to ensure everything is running correctly.

The 'split' value '128' divides responsibility for the clients between the two failover partners.
If you want the primary to answer all dhcp requests unless it is down (for whatever reason) set the value to '255', use '0' to make the secondary responsible.
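The two-signer situation Louis points at can be pulled out of the named log mechanically. The following is an added example, not part of the thread or of anyone's scripts: it groups samba_dlz update decisions by record name and reports names where one signer is allowed and a different one is refused. The log sample is constructed in the shape of the lines quoted in the thread, and all function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the named/samba_dlz lines quoted in the thread.
SAMPLE_LOG = r"""
Jan 26 11:41:36 S4 named[2308]: samba_dlz: disallowing update of signer=client7-pcbis\$\@ARIANE.INTRA name=client7-PCbis.ariane.intra type=A error=insufficient access rights
Jan 26 11:43:23 S4 named[2308]: samba_dlz: allowing update of signer=dhcpd-user\@ARIANE.INTRA name=client7-PCbis.ariane.intra tcpaddr=172.20.2.2 type=A key=1616985151.sig-s4.ariane.intra/160/0
Jan 26 11:43:23 S4 named[2308]: samba_dlz: allowing update of signer=dhcpd-user\@ARIANE.INTRA name=2.4.20.172.in-addr.arpa tcpaddr=172.20.2.2 type=PTR key=1880656139.sig-s4.ariane.intra/160/0
Jan 26 11:43:27 S4 named[2308]: samba_dlz: disallowing update of signer=client7-pcbis\$\@ARIANE.INTRA name=client7-PCbis.ariane.intra type=AAAA error=insufficient access rights
Jan 26 11:43:30 S4 dhcpd: DHCPACK to 172.20.4.2 (00:50:56:8f:55:b6) via eth0
"""

UPDATE_RE = re.compile(
    r"samba_dlz: (?P<verdict>allowing|disallowing) update of "
    r"signer=(?P<signer>\S+) name=(?P<name>\S+)"
    r"(?: tcpaddr=\S+)? type=(?P<rtype>[A-Za-z0-9]+)"
)


def parse_updates(log_text):
    """Return one dict per samba_dlz update decision found in log_text."""
    events = []
    for line in log_text.splitlines():
        m = UPDATE_RE.search(line)
        if not m:
            continue  # dhcpd lines, transaction start/commit, etc.
        events.append({
            "allowed": m.group("verdict") == "allowing",
            # The principal shows up with backslash-escaped '$' and '@' in these logs.
            "signer": m.group("signer").replace("\\", ""),
            # DNS names are case-insensitive: client7-PCbis == client7-pcbis.
            "name": m.group("name").lower().rstrip("."),
            "rtype": m.group("rtype").upper(),
        })
    return events


def is_machine_account(signer):
    """AD machine accounts have a principal name ending in '$'."""
    return signer.split("@", 1)[0].endswith("$")


def find_conflicts(events):
    """Names that one signer may update while a different signer is refused."""
    by_name = defaultdict(lambda: {"allowed": set(), "denied": set(), "types": set()})
    for ev in events:
        entry = by_name[ev["name"]]
        if ev["allowed"]:
            entry["allowed"].add(ev["signer"])
        else:
            entry["denied"].add(ev["signer"])
            entry["types"].add(ev["rtype"])
    conflicts = {}
    for name, entry in sorted(by_name.items()):
        if entry["denied"] and entry["allowed"] - entry["denied"]:
            conflicts[name] = {
                "allowed": sorted(entry["allowed"]),
                "denied": sorted(entry["denied"]),
                "denied_types": sorted(entry["types"]),
                "client_self_update": any(map(is_machine_account, entry["denied"])),
            }
    return conflicts


if __name__ == "__main__":
    for name, info in find_conflicts(parse_updates(SAMPLE_LOG)).items():
        print(name, info)
```

A name reported with `client_self_update` set is one where the workstation itself is still sending updates for a record the DHCP account already maintains, which is the case the GPO setting mentioned above addresses.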
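For the failover setup in the message above, a copy-paste slip between the two `failover peer` declarations is the easiest thing to get wrong. This added example (not Rowland's or Louis's code; function names are hypothetical) parses both declarations and checks that address and port are mirrored and that `mclt` and `split` sit on the primary only, following the layout shown in the message. The two inputs are the message's declarations, condensed onto fewer lines.

```python
import re

# Constructed inputs: the two declarations from the message, several statements per line.
PRIMARY_CONF = """
failover peer "dhcp-failover" {
  primary;
  address dc1.samdom.example.com; port 519;
  peer address dc2.samdom.example.com; peer port 520;
  max-response-delay 60; max-unacked-updates 10;
  mclt 3600; split 128;
  load balance max seconds 3;
}
"""
SECONDARY_CONF = """
failover peer "dhcp-failover" {
  secondary;
  address dc2.samdom.example.com; port 520;
  peer address dc1.samdom.example.com; peer port 519;
  max-response-delay 60; max-unacked-updates 10;
  load balance max seconds 3;
}
"""

PEER_RE = re.compile(r'failover\s+peer\s+"([^"]+)"\s*\{([^}]*)\}')


def parse_peer(conf_text):
    """Parse the first 'failover peer' declaration into a dict of its statements."""
    text = re.sub(r"#[^\n]*", "", conf_text)  # drop dhcpd.conf comments
    m = PEER_RE.search(text)
    if m is None:
        raise ValueError("no failover peer declaration found")
    peer = {"name": m.group(1), "role": None}
    for stmt in m.group(2).split(";"):
        words = stmt.split()
        if not words:
            continue
        if words == ["primary"] or words == ["secondary"]:
            peer["role"] = words[0]
        else:
            # "peer port 520" -> key "peer port", value "520"
            peer[" ".join(words[:-1])] = words[-1]
    return peer


def check_pair(primary, secondary):
    """Return a list of inconsistencies between the two peers (empty = consistent)."""
    problems = []
    if primary["role"] != "primary" or secondary["role"] != "secondary":
        problems.append("roles must be primary/secondary, got %s/%s"
                        % (primary["role"], secondary["role"]))
    if primary["name"] != secondary["name"]:
        problems.append("peer names differ")
    # Each side's 'address'/'port' must be the other side's 'peer address'/'peer port'.
    for mine, theirs in (("address", "peer address"), ("port", "peer port")):
        for a, b, label in ((primary, secondary, "primary"),
                            (secondary, primary, "secondary")):
            if a.get(mine) != b.get(theirs):
                problems.append("%s %s %s != other side's %s %s"
                                % (label, mine, a.get(mine), theirs, b.get(theirs)))
    # In the thread's configuration mclt and split appear on the primary only.
    for key in ("mclt", "split"):
        if key not in primary:
            problems.append("primary has no %s" % key)
        if key in secondary:
            problems.append("secondary sets %s" % key)
    return problems


if __name__ == "__main__":
    print(check_pair(parse_peer(PRIMARY_CONF), parse_peer(SECONDARY_CONF)) or "consistent")
```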