cosme at crearq.co.cu
2016-Apr-13 11:53 UTC
[Samba] [Fwd: Re: Samba_dlz, dhcp y zona inversa no actualiza]
>> what is in '/usr/bin/dhcpd-update-samba-dns.sh' ?# will receive addresses from this DHCP server. Instructions are found here: # https://wiki.archlinux.org/index.php/Samba_4_Active_Directory_Domain_Controller#DHCP sleep 5 checkvalues() { [ -z "${2}" ] && echo "Error: argument '${1}' requires a parameter." && exit 1 case ${2} in -*) echo "Error: Invalid parameter '${2}' passed to ${1}." exit 1 ;; *) return 0 ;; esac } showhelp() { echo -e "\n"`basename ${0}` "uses samba-tool to update DNS records in Samba 4's DNS" echo "server when using INTERNAL DNS or BIND9 DLZ plugin." echo "" echo " Command line options (and variables):" echo "" echo " -a | --action Action for this script to perform" echo " ACTION={add|delete}" echo " -c | --krb5cc Path of the krb5 credential cache (optional)" echo " Default: KRB5CC=/run/dhcpd.krb5cc" echo " -d | --domain The DNS domain/zone to be updated" echo " DOMAIN={domain.tld}" echo " -h | --help Show this help message and exit" echo " -H | --hostname Hostname of the record to be updated" echo " HNAME={hostname}" echo " -i | --ip IP address of the host to be updated" echo " IP={0.0.0.0}" echo " -k | --keytab Krb5 keytab to be used for authorization (optional)" echo " Default: KEYTAB=/etc/dhcp/dhcpd.keytab" echo " -m | --mitkrb5 Use MIT krb5 client utilities"echo " MITKRB5={YES|NO}" echo " -n | --nameserver DNS server to be updated (must use FQDN, not IP)" echo " NAMESERVER={server.internal.domain.tld}" echo " -p | --principal Principal used for DNS updates" echo " PRINCIPAL={user at domain.tld}" echo " -r | --realm Authentication realm" echo " REALM={DOMAIN.TLD}" echo " -z | --zone Then name of the zone to be updated in AD. echo " ZONE={zonename} echo "" echo "Example: $(basename $0) -d domain.tld -i 192.168.0.x -n 192.168.0.x \\" echo " -r DOMAIN.TLD -p user at domain.tld -H HOSTNAME -m" echo "" } # Process arguments [ -z "$1" ] && showhelp && exit 1 while [ -n "$1" ]; do case $1 in -a | --action) checkvalues ${1} ${2} ACTION=${2} shift 2 ;; -c | --krb5cc) checkvalues ${1} ${2} KRB5CC=${2} shift 2 ;; -d | --domain) checkvalues ${1} ${2} DOMAIN=${2} shift 2 ;; -h | --help) showhelp exit 0 ;; -H | --hostname) checkvalues ${1} ${2} HNAME=${2%%.*} shift 2 ;; -i | --ip) checkvalues ${1} ${2} IP=${2}shift 2 ;; -k | --keytab) checkvalues ${1} ${2} KEYTAB=${2} shift 2 ;; -m | --mitkrb5) KRB5MIT=YES shift 1 ;; -n | --nameserver) checkvalues ${1} ${2} NAMESERVER=${2} shift 2 ;; -p | --principal) checkvalues ${1} ${2} PRINCIPAL=${2} shift 2 ;; -r | --realm) checkvalues ${1} ${2} REALM=${2} shift 2 ;; -z | --zone) checkvalues ${1} ${2} ZONE=${2} shift 2 ;; *) echo "Error!!! Unknown command line opion!" echo "Try" `basename $0` "--help." exit 1 ;; esac done # Sanity checking [ -z "$ACTION" ] && echo "Error: action not set." && exit 2 case "$ACTION" in add | Add | ADD) ACTION=ADD ;;del | delete | Delete | DEL | DELETE) ACTION=DEL ;; *) echo "Error: invalid action \"$ACTION\"." && exit 3 ;; esac [ -z "$KRB5CC" ] && KRB5CC=/run/dhcpd.krb5cc [ -z "$DOMAIN" ] && echo "Error: invalid domain." && exit 4 [ -z "$HNAME" ] && [ "$ACTION" == "ADD" ] && \ echo "Error: hostname not set." && exit 5 [ -z "$IP" ] && echo "Error: IP address not set." && exit 6 [ -z "$KEYTAB" ] && KEYTAB=/etc/dhcp/dhcpd.keytab [ -z "$NAMESERVER" ] && echo "Error: nameservers not set." && exit 7 [ -z "$PRINCIPAL" ] && echo "Error: principal not set." && exit 8 [ -z "$REALM" ] && echo "Error: realm not set." && exit 9 [ -z "$ZONE" ] && echo "Error: zone not set." && exit 10 # Disassemble IP for reverse lookups OCT1=$(echo $IP | cut -d . -f 1) OCT2=$(echo $IP | cut -d . -f 2) OCT3=$(echo $IP | cut -d . -f 3) OCT4=$(echo $IP | cut -d . -f 4) RZONE="$OCT3.$OCT2.$OCT1.in-addr.arpa" kerberos_creds() { export KRB5_KTNAME="$KEYTAB" export KRB5CCNAME="$KRB5CC" if [ "$KRB5MIT" = "YES" ]; then KLISTARG="-s" else KLISTARG="-t" fi klist $KLISTARG || kinit -k -t "$KEYTAB" -c "$KRB5CC" "$PRINCIPAL" || { logger -s -p daemon.error -t dhcpd kinit for dynamic DNS failed; exit 11; } } add_host(){ logger -s -p daemon.info -t dhcpd Adding A record for host $HNAME with IP $IP to zone $ZONE on server $NAMESERVER samba-tool dns add $NAMESERVER $ZONE $HNAME A $IP -k yes } delete_host(){ logger -s -p daemon.info -t dhcpd Removing A record for host $HNAME with IP $IP from zone $ZONE on server $NAMESERVER samba-tool dns delete $NAMESERVER $ZONE $HNAME A $IP -k yes }update_host(){ CURIP=$(host -t A $HNAME | cut -d " " -f 4) logger -s -p daemon.info -t dhcpd Removing A record for host $HNAME with IP $CURIP from zone $ZONE on server $NAMESERVER samba-tool dns delete $NAMESERVER $ZONE $HNAME A $CURIP -k yes add_host } add_ptr(){ logger -s -p daemon.info -t dhcpd Adding PTR record $OCT4 with hostname $HNAME to zone $RZONE on server $NAMESERVER samba-tool dns add $NAMESERVER $RZONE $OCT4 PTR $HNAME.$DOMAIN -k yes } delete_ptr(){ logger -s -p daemon.info -t dhcpd Removing PTR record $OCT4 with hostname $HNAME from zone $RZONE on server $NAMESERVER samba-tool dns delete $NAMESERVER $RZONE $OCT4 PTR $HNAME.$DOMAIN -k yes } update_ptr(){ CURHNAME=$(host -t PTR $OCT4 | cut -d " " -f 5) logger -s -p daemon.info -t dhcpd Removing PTR record $OCT4 with hostname $CURHNAME from zone $RZONE on server $NAMESERVER samba-tool dns delete $NAMESERVER $RZONE $OCT4 PTR $CURHNAME -k yes add_ptr } case "$ACTION" in ADD) kerberos_creds host -t A $HNAME.$DOMAIN > /dev/null if [ "${?}" == 0 ]; then update_host else add_host fi host -t PTR $IP > /dev/null if [ "${?}" == 0 ]; then update_ptr else add_ptr fi ;; DEL)kerberos_creds host -t A $HNAME.$DOMAIN > /dev/null if [ "${?}" == 0 ]; then delete_host fi host -t PTR $IP > /dev/null if [ "${?}" == 0 ]; then delete_ptr fi ;; *) echo "Error: Invalid action '$ACTION'!" && exit 12 ;; esac>> what does it use to actually carry out the updates, samba-tool ornsupdate ? with both what am I doing wrong? Leonidch
Rowland penny
2016-Apr-13 12:20 UTC
[Samba] [Fwd: Re: Samba_dlz, dhcp y zona inversa no actualiza]
On 13/04/16 12:53, cosme at crearq.co.cu wrote:> >>> what is in '/usr/bin/dhcpd-update-samba-dns.sh' ? > # will receive addresses from this DHCP server. Instructions are found here: > # > https://wiki.archlinux.org/index.php/Samba_4_Active_Directory_Domain_Controller#DHCP > sleep 5 > checkvalues() > { > [ -z "${2}" ] && echo "Error: argument '${1}' requires a parameter." && > exit 1 > case ${2} in > -*) > echo "Error: Invalid parameter '${2}' passed to ${1}." > exit 1 > ;; > *) > return 0 > ;; > esac > } > showhelp() > { > echo -e "\n"`basename ${0}` "uses samba-tool to update DNS records in > Samba 4's DNS" > echo "server when using INTERNAL DNS or BIND9 DLZ plugin." > echo "" > echo " Command line options (and variables):" > echo "" > echo " -a | --action Action for this script to perform" > echo " > ACTION={add|delete}" > echo " -c | --krb5cc > Path of the krb5 credential cache (optional)" > echo " > Default: KRB5CC=/run/dhcpd.krb5cc" > echo " -d | --domain > The DNS domain/zone to be updated" > echo " > DOMAIN={domain.tld}" > echo " -h | --help > Show this help message and exit" > echo " -H | --hostname Hostname of the record to be updated" > echo " > HNAME={hostname}" > echo " -i | --ip > IP address of the host to be updated" > echo " > IP={0.0.0.0}" > echo " -k | --keytab > Krb5 keytab to be used for authorization (optional)" > echo " > Default: KEYTAB=/etc/dhcp/dhcpd.keytab" > echo " -m | --mitkrb5 Use MIT krb5 client utilities"echo " > MITKRB5={YES|NO}" > echo " -n | --nameserver DNS server to be updated (must use FQDN, not IP)" > echo " > NAMESERVER={server.internal.domain.tld}" > echo " -p | --principal Principal used for DNS updates" > echo " > PRINCIPAL={user at domain.tld}" > echo " -r | --realm > Authentication realm" > echo " > REALM={DOMAIN.TLD}" > echo " -z | --zone > Then name of the zone to be updated in AD. > echo " > ZONE={zonename} > echo "" > echo "Example: $(basename $0) -d domain.tld -i 192.168.0.x -n 192.168.0.x \\" > echo " > -r DOMAIN.TLD -p user at domain.tld -H HOSTNAME -m" > echo "" > } > # Process arguments > [ -z "$1" ] && showhelp && exit 1 > while [ -n "$1" ]; do > case $1 in > -a | --action) > checkvalues ${1} ${2} > ACTION=${2} > shift 2 > ;; > -c | --krb5cc) > checkvalues ${1} ${2} > KRB5CC=${2} > shift 2 > ;; > -d | --domain) > checkvalues ${1} ${2} > DOMAIN=${2} > shift 2 > ;; > -h | --help) > showhelp > exit 0 > ;; > -H | --hostname) > checkvalues ${1} ${2} > HNAME=${2%%.*} > shift 2 > ;; > -i | --ip) > checkvalues ${1} ${2} > IP=${2}shift 2 > ;; > -k | --keytab) > checkvalues ${1} ${2} > KEYTAB=${2} > shift 2 > ;; > -m | --mitkrb5) > KRB5MIT=YES > shift 1 > ;; > -n | --nameserver) > checkvalues ${1} ${2} > NAMESERVER=${2} > shift 2 > ;; > -p | --principal) > checkvalues ${1} ${2} > PRINCIPAL=${2} > shift 2 > ;; > -r | --realm) > checkvalues ${1} ${2} > REALM=${2} > shift 2 > ;; > -z | --zone) > checkvalues ${1} ${2} > ZONE=${2} > shift 2 > ;; > *) > echo "Error!!! Unknown command line opion!" > echo "Try" `basename $0` "--help." > exit 1 > ;; > esac > done > # Sanity checking > [ -z "$ACTION" ] && echo "Error: action not set." && exit 2 > case "$ACTION" in > add | Add | ADD) > ACTION=ADD > ;;del | delete | Delete | DEL | DELETE) > ACTION=DEL > ;; > *) > echo "Error: invalid action \"$ACTION\"." && exit 3 > ;; > esac > [ -z "$KRB5CC" ] && KRB5CC=/run/dhcpd.krb5cc > [ -z "$DOMAIN" ] && echo "Error: invalid domain." && exit 4 > [ -z "$HNAME" ] && [ "$ACTION" == "ADD" ] && \ > echo "Error: hostname not set." && exit 5 > [ -z "$IP" ] && echo "Error: IP address not set." && exit 6 > [ -z "$KEYTAB" ] && KEYTAB=/etc/dhcp/dhcpd.keytab > [ -z "$NAMESERVER" ] && echo "Error: nameservers not set." && exit 7 > [ -z "$PRINCIPAL" ] && echo "Error: principal not set." && exit 8 > [ -z "$REALM" ] && echo "Error: realm not set." && exit 9 > [ -z "$ZONE" ] && echo "Error: zone not set." && exit 10 > # Disassemble IP for reverse lookups > OCT1=$(echo $IP | cut -d . -f 1) > OCT2=$(echo $IP | cut -d . -f 2) > OCT3=$(echo $IP | cut -d . -f 3) > OCT4=$(echo $IP | cut -d . -f 4) > RZONE="$OCT3.$OCT2.$OCT1.in-addr.arpa" > kerberos_creds() { > export KRB5_KTNAME="$KEYTAB" > export KRB5CCNAME="$KRB5CC" > if [ "$KRB5MIT" = "YES" ]; then > KLISTARG="-s" > else > KLISTARG="-t" > fi > klist $KLISTARG || kinit -k -t "$KEYTAB" -c "$KRB5CC" "$PRINCIPAL" || { > logger -s -p > daemon.error -t dhcpd kinit for dynamic DNS failed; exit 11; } > } > add_host(){ > logger -s -p daemon.info -t dhcpd Adding A record for host $HNAME with IP > $IP to zone $ZONE > on server $NAMESERVER > samba-tool dns add $NAMESERVER $ZONE $HNAME A $IP -k yes > } > delete_host(){ > logger -s -p daemon.info -t dhcpd Removing A record for host $HNAME with > IP $IP from zone > $ZONE on server $NAMESERVER > samba-tool dns delete $NAMESERVER $ZONE $HNAME A $IP -k yes > }update_host(){ > CURIP=$(host -t A $HNAME | cut -d " " -f 4) > logger -s -p daemon.info -t dhcpd Removing A record for host $HNAME with > IP $CURIP from > zone $ZONE on server $NAMESERVER > samba-tool dns delete $NAMESERVER $ZONE $HNAME A $CURIP -k yes > add_host > } > add_ptr(){ > logger -s -p daemon.info -t dhcpd Adding PTR record $OCT4 with hostname > $HNAME to zone > $RZONE on server $NAMESERVER > samba-tool dns add $NAMESERVER $RZONE $OCT4 PTR $HNAME.$DOMAIN -k yes > } > delete_ptr(){ > logger -s -p daemon.info -t dhcpd Removing PTR record $OCT4 with hostname > $HNAME from > zone $RZONE on server $NAMESERVER > samba-tool dns delete $NAMESERVER $RZONE $OCT4 PTR $HNAME.$DOMAIN -k yes > } > update_ptr(){ > CURHNAME=$(host -t PTR $OCT4 | cut -d " " -f 5) > logger -s -p daemon.info -t dhcpd Removing PTR record $OCT4 with hostname > $CURHNAME > from zone $RZONE on server $NAMESERVER > samba-tool dns delete $NAMESERVER $RZONE $OCT4 PTR $CURHNAME -k yes > add_ptr > } > case "$ACTION" in > ADD) > kerberos_creds > host -t A $HNAME.$DOMAIN > /dev/null > if [ "${?}" == 0 ]; then > update_host > else > add_host > fi > host -t PTR $IP > /dev/null > if [ "${?}" == 0 ]; then > update_ptr > else > add_ptr > fi > ;; > DEL)kerberos_creds > host -t A $HNAME.$DOMAIN > /dev/null > if [ "${?}" == 0 ]; then > delete_host > fi > host -t PTR $IP > /dev/null > if [ "${?}" == 0 ]; then > delete_ptr > fi > ;; > *) > echo "Error: Invalid action '$ACTION'!" && exit 12 > ;; > esac > > > >>> what does it use to actually carry out the updates, samba-tool or > nsupdate ? > > with both > > > > what am I doing wrong? > > Leonidch > >I thought so, 'samba-tool' Do want to try something that works ? : Apr 13 06:36:49 dc2 dhcpd: Commit: IP: 192.168.0.128 DHCID: 1:1c:4b:d6:c0:e3:7 Name: debnet Apr 13 06:36:49 dc2 dhcpd: execute_statement argv[0] = /etc/dhcp/bin/dhcp-dyndns.sh Apr 13 06:36:49 dc2 dhcpd: execute_statement argv[1] = add Apr 13 06:36:49 dc2 dhcpd: execute_statement argv[2] = 192.168.0.128 Apr 13 06:36:49 dc2 dhcpd: execute_statement argv[3] = 1:1c:4b:d6:c0:e3:7 Apr 13 06:36:49 dc2 dhcpd: execute_statement argv[4] = debnet Apr 13 06:36:49 dc2 named[1636]: samba_dlz: starting transaction on zone samdom.example.com Apr 13 06:36:49 dc2 named[1636]: samba_dlz: allowing update of signer=dhcpduser\@SAMDOM.EXAMPLE.COM name=debnet.samdom.example.com tcpaddr=127.0.0.1 type=A key=2075132176.sig-dc2.samdom.example.com/160/0 Apr 13 06:36:49 dc2 named[1636]: samba_dlz: allowing update of signer=dhcpduser\@SAMDOM.EXAMPLE.COM name=debnet.samdom.example.com tcpaddr=127.0.0.1 type=A key=2075132176.sig-dc2.samdom.example.com/160/0 Apr 13 06:36:49 dc2 named[1636]: client 127.0.0.1#50674/key dhcpduser\@SAMDOM.EXAMPLE.COM: updating zone 'samdom.example.com/NONE': deleting rrset at 'debnet.samdom.example.com' A Apr 13 06:36:49 dc2 named[1636]: samba_dlz: subtracted rdataset debnet.samdom.example.com 'debnet.samdom.example.com.#0113600#011IN#011A#011192.168.0.128' Apr 13 06:36:49 dc2 named[1636]: client 127.0.0.1#50674/key dhcpduser\@SAMDOM.EXAMPLE.COM: updating zone'samdom.example.com/NONE': adding an RR at 'debnet.samdom.example.com' A Apr 13 06:36:49 dc2 named[1636]: samba_dlz: added rdataset debnet.samdom.example.com 'debnet.samdom.example.com.#0113600#011IN#011A#011192.168.0.128' Apr 13 06:36:49 dc2 named[1636]: samba_dlz: committed transaction on zone samdom.example.com Apr 13 06:36:49 dc2 named[1636]: samba_dlz: starting transaction on zone 0.168.192.in-addr.arpa Apr 13 06:36:49 dc2 named[1636]: samba_dlz: allowing update of signer=dhcpduser\@SAMDOM.EXAMPLE.COM name=128.0.168.192.in-addr.arpa tcpaddr=127.0.0.1 type=PTR key=2618104310.sig-dc2.samdom.example.com/160/0 Apr 13 06:36:49 dc2 named[1636]: samba_dlz: allowing update of signer=dhcpduser\@SAMDOM.EXAMPLE.COM name=128.0.168.192.in-addr.arpa tcpaddr=127.0.0.1 type=PTR key=2618104310.sig-dc2.samdom.example.com/160/0 Apr 13 06:36:49 dc2 named[1636]: client 127.0.0.1#40733/key dhcpduser\@SAMDOM.EXAMPLE.COM: updating zone '0.168.192.in-addr.arpa/NONE': deleting rrset at '128.0.168.192.in-addr.arpa' PTR Apr 13 06:36:49 dc2 named[1636]: samba_dlz: subtracted rdataset 128.0.168.192.in-addr.arpa '128.0.168.192.in-addr.arpa.#0113600#011IN#011PTR#011debnet.samdom.example.com.' Apr 13 06:36:49 dc2 named[1636]: client 127.0.0.1#40733/key dhcpduser\@SAMDOM.EXAMPLE.COM: updating zone '0.168.192.in-addr.arpa/NONE': adding an RR at '128.0.168.192.in-addr.arpa' PTR Apr 13 06:36:49 dc2 named[1636]: samba_dlz: added rdataset 128.0.168.192.in-addr.arpa '128.0.168.192.in-addr.arpa.#0113600#011IN#011PTR#011debnet.samdom.example.com.' Apr 13 06:36:49 dc2 named[1636]: samba_dlz: committed transaction on zone 0.168.192.in-addr.arpa Apr 13 06:36:49 dc2 root: DHCP-DNS Update succeeded Apr 13 06:36:49 dc2 dhcpd: DHCPREQUEST for 192.168.0.128 from 1c:4b:d6:c0:e3:07 (debnet) via eth0 Apr 13 06:36:49 dc2 dhcpd: DHCPACK on 192.168.0.128 to 1c:4b:d6:c0:e3:07 (debnet) via eth0 You need to be using Bind9, last time I tried it with the internal DNS server, I couldn't get it to work. Rowland
Possibly Parallel Threads
- dhcp lease time hardware in script at dhcpd/Bind/Samba wiki page
- dhcp lease time hardware in script at dhcpd/Bind/Samba wiki page
- Rails + Sybase ASE : group effort, please
- dhcp lease time hardware in script at dhcpd/Bind/Samba wiki page
- [PATCH libnbd] api: Get rid of nbd_connection.