cosme at crearq.co.cu
2016-Apr-21 17:22 UTC
[Samba] [Fwd: Re: [Fwd: Re: [Fwd: Re: [Fwd: Re: Samba 4 more complete]]]]
Yes I think so

This is my /etc/dhcp/dhcpd.conf

ddns-updates on;
ddns-update-style interim;
#ddns-update-style none;
update-static-leases on;

option domain-name-servers cd1.home.cu;
option domain-name "home.cu";

default-lease-time 600;
max-lease-time 7200;

authoritative;

include "/etc/bind/rndc.key";
#include "/usr/local/samba/private/dns.keytab";
# deny unkown-clients;
use-host-decl-names on;
default-lease-time 86400;
max-lease-time 86400;
log-facility local7;

# Forward zone
#zone home.cu. {
#  primary 192.168.58.10;
#  primary 127.0.0.1;
#  key rndc-key;
# }

# Reverse zone
zone 58.168.192.in-addr.arpa. {
#  primary 192.168.58.10;
#  primary 127.0.0.1;
#  key rndc-key;
#  key dns
}

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
#log-facility local7;

# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.

subnet 192.168.58.0 netmask 255.255.255.0 {
  ddns-domainname "home.cu.";
#  ddns-rev-domainname "57.168.192.in-addr.arpa.";
#  ddns-rev-domainname "in-addr.arpa.";
  option routers 192.168.58.10;
  option broadcast-address 192.168.58.255;
  pool{ range 192.168.58.30 192.168.58.200; }
}
deny unknown-clients;
group general {
  host pc_xp{
    option host-name "xp.home.cu";
    hardware ethernet 08:00:27:fd:95:e7;
    fixed-address 192.168.58.33;
  }

  host pc_xp1{
    option host-name "xp1.home.cu";
    hardware ethernet 08:00:27:f1:8a:4c;
    fixed-address 192.168.58.34;
  }

  host pc_xp2{
    option host-name "xp2.home.cu";
    hardware ethernet 08:00:27:d0:41:21;
    fixed-address 192.168.58.45;
  }
}

Please tell me what I'm doing wrong and / or missing?
Leonidch

---------------------------- Original message ----------------------------
Subject: Re: [Samba] [Fwd: Re: [Fwd: Re: [Fwd: Re: Samba 4 more complete]]]
From: "Rowland penny" <rpenny at samba.org>
Date: Thu, 21 April 2016, 11:50 am
To: samba at lists.samba.org
--------------------------------------------------------------------------

On 21/04/16 16:35, cosme at crearq.co.cu wrote:
> Second question:
>
> Take a look at the logs
>
> Apr 21 11:23:58 cd1 named[2224]: samba_dlz: starting transaction on zone 58.168.192.in-addr.arpa
> Apr 21 11:23:58 cd1 named[2224]: client 192.168.58.10#22874: update '58.168.192.in-addr.arpa/IN' denied
> Apr 21 11:23:58 cd1 named[2224]: samba_dlz: cancelling transaction on zone 58.168.192.in-addr.arpa
> Apr 21 11:23:58 cd1 dhcpd: Unable to add reverse map from 45.58.168.192.in-addr.arpa. to xp2.home.cu: REFUSED
> Apr 21 11:23:58 cd1 named[2224]: samba_dlz: starting transaction on zone home.cu
> Apr 21 11:23:58 cd1 named[2224]: samba_dlz: allowing update of signer=XP2$@HOME.CU name=xp2.home.cu tcpaddr= type=A key=964-ms-7.3-e83765.c64f8090-07b1-11e6-07a1-080027d04121/160/0
> Apr 21 11:23:58 cd1 named[2224]: samba_dlz: allowing update of signer=XP2$@HOME.CU name=xp2.home.cu tcpaddr= type=A key=964-ms-7.3-e83765.c64f8090-07b1-11e6-07a1-080027d04121/160/0
> Apr 21 11:23:58 cd1 named[2224]: client 192.168.58.45#1317/key XP2$@HOME.CU: updating zone 'home.cu/NONE': deleting rrset at 'xp2.home.cu' A
> Apr 21 11:23:58 cd1 named[2224]: samba_dlz: subtracted rdataset xp2.home.cu 'xp2.home.cu.#0111200#011IN#011A#011192.168.58.45'
> Apr 21 11:23:58 cd1 named[2224]: client 192.168.58.45#1317/key XP2$@HOME.CU: updating zone 'home.cu/NONE': adding an RR at 'xp2.home.cu' A
> Apr 21 11:23:58 cd1 named[2224]: samba_dlz: added rdataset xp2.home.cu 'xp2.home.cu.#0111200#011IN#011A#011192.168.58.45'
> Apr 21 11:23:58 cd1 named[2224]: samba_dlz: committed transaction on zone home.cu
> Apr 21 11:24:00 cd1 dhcpd: Dynamic and static leases present for 192.168.58.45.
> Apr 21 11:24:00 cd1 dhcpd: Remove host declaration pc_xp2 or remove 192.168.58.45
> Apr 21 11:24:00 cd1 dhcpd: from the dynamic address pool for 192.168.58.0/24
> Apr 21 11:24:00 cd1 dhcpd: DHCPREQUEST for 192.168.58.45 from 08:00:27:d0:41:21 via eth0
> Apr 21 11:24:00 cd1 dhcpd: DHCPACK on 192.168.58.45 to 08:00:27:d0:41:21 via eth0
> Apr 21 11:24:00 cd1 named[2224]: samba_dlz: starting transaction on zone 58.168.192.in-addr.arpa
> Apr 21 11:24:00 cd1 named[2224]: client 192.168.58.10#22874: update '58.168.192.in-addr.arpa/IN' denied
> Apr 21 11:24:00 cd1 named[2224]: samba_dlz: cancelling transaction on zone 58.168.192.in-addr.arpa
> Apr 21 11:24:00 cd1 dhcpd: Unable to add reverse map from 45.58.168.192.in-addr.arpa. to xp2.home.cu: REFUSED
> Apr 21 11:24:00 cd1 named[2224]: samba_dlz: starting transaction on zone home.cu
> Apr 21 11:24:00 cd1 named[2224]: client 192.168.58.45#1320: update 'home.cu/IN' denied
> Apr 21 11:24:00 cd1 named[2224]: samba_dlz: cancelling transaction on zone home.cu
>
> What I meant is my problem with the reverse zone, the direct zone works out well
>
> It has to do with the permissions, but I have tried in many ways without solution
>
> What could be missing?
>
> Leonidch
>
> ---------------------------- Original message ----------------------------
> Subject: Re: [Samba] [Fwd: Re: [Fwd: Re: Samba 4 more complete]]
> From: "Rowland penny" <rpenny at samba.org>
> Date: Thu, 21 April 2016, 10:46 am
> To: samba at lists.samba.org
> --------------------------------------------------------------------------
>
> On 21/04/16 15:23, cosme at crearq.co.cu wrote:
>> First question
>>
>> To use bind as dlz is required to be compiled from source or you can use the package bind9 repo Debian8 ??
>>
>> Because I'm seeing you in the wiki
>> https://wiki.samba.org/index.php/Setup_a_basic_BIND_installation
>> ------------------------------------------
>> says this
>>
>> If you install BIND from the repositories of your distribution, you can skip the following two steps, but make sure it was compiled That With The '--with-gssapi' and '--with-dlopen' options (see below) before using it as the Samba AD DNS backend.
>> -------------------------------------------
>>
>> In this case I bind9.9.5 use since the repo comes with --with-gssapi but not with --with-dlopen or --with-dlz-dlopen '
> Hmm, the wiki needs updating, Bind9.9.x now compiles dlopen in as standard, it is no longer an option, not entirely sure just when it changed, but I can assure you Bind9 in Jessie does work with Samba4 (and dhcp)
>
> Next question :-D
>
> Rowland
>
>> What can I do in that case ??
>>
>> maybe that's one of my problems
>>
>> Leonidch
>>
You mean you want to see something like this in the logs:

Apr 21 06:46:27 dc1 named[1698]: samba_dlz: starting transaction on zone 0.168.192.in-addr.arpa
Apr 21 06:46:27 dc1 named[1698]: samba_dlz: allowing update of signer=dhcpduser@SAMDOM.EXAMPLE.COM name=101.0.168.192.in-addr.arpa tcpaddr=127.0.0.1 type=PTR key=990741993.sig-dc1.samdom.example.com/160/0
Apr 21 06:46:27 dc1 named[1698]: samba_dlz: allowing update of signer=dhcpduser@SAMDOM.EXAMPLE.COM name=101.0.168.192.in-addr.arpa tcpaddr=127.0.0.1 type=PTR key=990741993.sig-dc1.samdom.example.com/160/0
Apr 21 06:46:27 dc1 named[1698]: client 127.0.0.1#34666/key dhcpduser@SAMDOM.EXAMPLE.COM: updating zone '0.168.192.in-addr.arpa/NONE': deleting rrset at '101.0.168.192.in-addr.arpa' PTR
Apr 21 06:46:27 dc1 named[1698]: samba_dlz: subtracted rdataset 101.0.168.192.in-addr.arpa '101.0.168.192.in-addr.arpa.#0113600#011IN#011PTR#011HP-Printer.samdom.example.com.'
Apr 21 06:46:27 dc1 named[1698]: client 127.0.0.1#34666/key dhcpduser@SAMDOM.EXAMPLE.COM: updating zone '0.168.192.in-addr.arpa/NONE': adding an RR at '101.0.168.192.in-addr.arpa' PTR
Apr 21 06:46:27 dc1 named[1698]: samba_dlz: added rdataset 101.0.168.192.in-addr.arpa '101.0.168.192.in-addr.arpa.#0113600#011IN#011PTR#011HP-Printer.samdom.example.com.'
Apr 21 06:46:27 dc1 named[1698]: samba_dlz: committed transaction on zone 0.168.192.in-addr.arpa
Apr 21 06:46:27 dc1 root: DHCP-DNS Update succeeded

Can I ask how you have tried to do the updates ?
Is dhcp trying to update the reverse zone directly ?

Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
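The log excerpts quoted in this message already contain the diagnosis, and a small parser makes it explicit. The Python below is an added example written for this page, not code from Samba, ISC or either poster; its sample input is the 11:23:58 block from the thread, embedded as constructed data with the archive's backslash escaping removed. It pairs each samba_dlz "starting transaction" line with its "committed" or "cancelling" line, records the client address and the GSS-TSIG signer named on the "allowing update of signer=" and "client .../key ..." lines, and flags transactions that were cancelled without any signer. That is exactly what the reverse-zone attempt from 192.168.58.10 looks like (no "/key" on the client line, then "denied"), while the forward-zone update signed by the machine account XP2$@HOME.CU commits.

```python
"""Triage samba_dlz dynamic-update transactions in BIND and dhcpd syslog output.

Added example for this thread, not code from Samba, ISC or the list posters.
What it surfaces: Samba's BIND DLZ backend logs a signer (a GSS-TSIG key) for
every update it allows; an update that arrives without one is logged as
"denied" and its transaction is cancelled.
"""
import re
from dataclasses import dataclass, field

START = re.compile(r"samba_dlz: starting transaction on zone (\S+)\s*$")
END = re.compile(r"samba_dlz: (committed|cancelling) transaction on zone (\S+)\s*$")
DENIED = re.compile(r"client (\S+)#\d+: update '([^/']+)/IN' denied")
SIGNED = re.compile(r"client (\S+)#\d+/key (\S+): updating zone '([^/']+)/")
ALLOW = re.compile(r"allowing update of signer=(\S+) name=(\S+) tcpaddr=\S* type=(\S+)")
REFUSED = re.compile(r"dhcpd: Unable to add (forward|reverse) map from (\S+) to (\S+): (\S+)")

# Constructed sample: the 11:23:58 lines from the thread, unescaped.
SAMPLE_LOG = """\
Apr 21 11:23:58 cd1 named[2224]: samba_dlz: starting transaction on zone 58.168.192.in-addr.arpa
Apr 21 11:23:58 cd1 named[2224]: client 192.168.58.10#22874: update '58.168.192.in-addr.arpa/IN' denied
Apr 21 11:23:58 cd1 named[2224]: samba_dlz: cancelling transaction on zone 58.168.192.in-addr.arpa
Apr 21 11:23:58 cd1 dhcpd: Unable to add reverse map from 45.58.168.192.in-addr.arpa. to xp2.home.cu: REFUSED
Apr 21 11:23:58 cd1 named[2224]: samba_dlz: starting transaction on zone home.cu
Apr 21 11:23:58 cd1 named[2224]: samba_dlz: allowing update of signer=XP2$@HOME.CU name=xp2.home.cu tcpaddr= type=A key=964-ms-7.3-e83765.c64f8090-07b1-11e6-07a1-080027d04121/160/0
Apr 21 11:23:58 cd1 named[2224]: samba_dlz: allowing update of signer=XP2$@HOME.CU name=xp2.home.cu tcpaddr= type=A key=964-ms-7.3-e83765.c64f8090-07b1-11e6-07a1-080027d04121/160/0
Apr 21 11:23:58 cd1 named[2224]: client 192.168.58.45#1317/key XP2$@HOME.CU: updating zone 'home.cu/NONE': deleting rrset at 'xp2.home.cu' A
Apr 21 11:23:58 cd1 named[2224]: samba_dlz: subtracted rdataset xp2.home.cu 'xp2.home.cu.#0111200#011IN#011A#011192.168.58.45'
Apr 21 11:23:58 cd1 named[2224]: client 192.168.58.45#1317/key XP2$@HOME.CU: updating zone 'home.cu/NONE': adding an RR at 'xp2.home.cu' A
Apr 21 11:23:58 cd1 named[2224]: samba_dlz: added rdataset xp2.home.cu 'xp2.home.cu.#0111200#011IN#011A#011192.168.58.45'
Apr 21 11:23:58 cd1 named[2224]: samba_dlz: committed transaction on zone home.cu
""".splitlines()


@dataclass
class Txn:
    zone: str
    outcome: str = "open"      # open | committed | cancelled
    client: str = ""           # source address named sees the update come from
    signer: str = ""           # GSS-TSIG principal; empty when the update was unsigned
    changes: list = field(default_factory=list)  # (name, rrtype) pairs allowed


def _owner(open_txns, name):
    """Find the open transaction whose zone is the record name or a suffix of it."""
    for zone, txn in open_txns.items():
        if name == zone or name.endswith("." + zone):
            return txn
    return None


def summarize(lines):
    """Return (finished transactions in completion order, dhcpd REFUSED messages)."""
    open_txns, finished, refused = {}, [], []
    for line in lines:
        if m := START.search(line):
            open_txns[m.group(1)] = Txn(zone=m.group(1))
        elif m := DENIED.search(line):
            if txn := open_txns.get(m.group(2)):
                txn.client = m.group(1)            # no "/key": update was unsigned
        elif m := SIGNED.search(line):
            if txn := open_txns.get(m.group(3)):
                txn.client, txn.signer = m.group(1), m.group(2)
        elif m := ALLOW.search(line):
            if txn := _owner(open_txns, m.group(2)):
                txn.signer = m.group(1)
                if (m.group(2), m.group(3)) not in txn.changes:   # named logs each twice
                    txn.changes.append((m.group(2), m.group(3)))
        elif m := END.search(line):
            if txn := open_txns.pop(m.group(2), None):
                txn.outcome = "committed" if m.group(1) == "committed" else "cancelled"
                finished.append(txn)
        elif m := REFUSED.search(line):
            refused.append((m.group(1), m.group(2), m.group(3), m.group(4)))
    return finished, refused


def unsigned_denials(finished):
    """Cancelled transactions that never carried a signer: the fingerprint of a
    client (here dhcpd itself) sending updates the DLZ backend cannot authenticate."""
    return [t for t in finished if t.outcome == "cancelled" and not t.signer]


if __name__ == "__main__":
    done, refused = summarize(SAMPLE_LOG)
    for t in done:
        print(f"{t.zone:28} {t.outcome:10} client={t.client or '-':16} signer={t.signer or '-'}")
    for kind, src, dst, status in refused:
        print(f"dhcpd {kind} map {src} -> {dst}: {status}")
```

Run it over the file that `log-facility local7` lands in. The `unsigned_denials` list is the thing to act on: with the Samba DLZ backend an update without a Kerberos signer never succeeds, so a denial from dhcpd's own address means the update path is not authenticating at all (the `rndc.key` include and the commented-out `key` lines in the poster's zone stanza give dhcpd nothing samba_dlz will accept), and a denial from any other address is worth looking into.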
Rowland penny
2016-Apr-21 17:45 UTC
[Samba] [Fwd: Re: [Fwd: Re: [Fwd: Re: [Fwd: Re: Samba 4 more complete]]]]
On 21/04/16 18:22, cosme at crearq.co.cu wrote:
> Yes I think so
>
> This is my /etc/dhcp/dhcpd.conf
>
> [...]
>
> Please tell me what I'm doing wrong and / or missing?
>
> Leonidch
>
OK, I thought that was what you were doing, what you are missing (amongst other things) is this from the bottom of dhcpd.conf:

on commit {
  set noname = concat("dhcp-", binary-to-ascii(10, 8, "-", leased-address));
  set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
  set ClientDHCID = binary-to-ascii(16, 8, ":", hardware);
  set ClientName = pick-first-value(option host-name, config-option-host-name, client-name, noname);
  log(concat("Commit: IP: ", ClientIP, " DHCID: ", ClientDHCID, " Name: ", ClientName));
  execute("/etc/dhcp/bin/dhcp-dyndns.sh", "add", ClientIP, ClientDHCID, ClientName);
}

on release {
  set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
  set ClientDHCID = binary-to-ascii(16, 8, ":", hardware);
  log(concat("Release: IP: ", ClientIP));
  execute("/etc/dhcp/bin/dhcp-dyndns.sh", "delete", ClientIP, ClientDHCID);
}

on expiry {
  set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
  # cannot get a ClientMac here, apparently this only works when actually receiving a packet
  log(concat("Expired: IP: ", ClientIP));
  # cannot get a ClientName here, for some reason that always fails
  execute("/etc/dhcp/bin/dhcp-dyndns.sh", "delete", ClientIP, "", "0");
}

As you can see, dhcp has the facility to run a script and it is this script that does the updates, you will also have to stop your windows clients from trying to update their own records, but there is a gpo for this.

I will check over my notes (to make sure they are correct and up-to-date) and I will then send you them off list.

Rowland
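Rowland's hooks hand the script at most four things: the action, the leased address, the hardware address and, on commit only, a name. The script then has to turn those into two signed dynamic updates, one per zone, because nsupdate sends one zone per update message. The Python below is an added example, not Rowland's dhcp-dyndns.sh (which he sent off list) and not Samba project code. It assumes a dedicated principal `dhcpduser` (the signer in Rowland's log) with a keytab at a placeholder path, the poster's forward zone home.cu, the /24 reverse zone, and nsupdate's `-g` option for GSS-TSIG; it builds the update batches and returns the commands rather than running them unless asked to, so it can be checked offline. It covers both hook forms, the `add` from `on commit` and the name-less `delete` from `on release` and `on expiry`.

```python
"""Build the nsupdate batches a dhcp-dyndns.sh-style hook script has to send.

Added example for this thread; not Rowland's script and not Samba project code.
Assumptions (not from the thread): the keytab path, that the reverse zone is
the /24 containing the lease, and that the script runs as a dedicated
principal so samba_dlz sees a signer on every update.
"""
import ipaddress
import subprocess

DOMAIN = "home.cu"                       # forward zone from the poster's config
TTL = 3600                               # TTL used in Rowland's PTR example
KEYTAB = "/path/to/dhcpduser.keytab"     # placeholder, not from the thread
PRINCIPAL = "dhcpduser"                  # signer seen in Rowland's log


def ptr_name(ip):
    """192.168.58.45 -> 45.58.168.192.in-addr.arpa. (absolute name)."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def short_host(name):
    """The hook may pass a bare name or an FQDN (option host-name "xp2.home.cu")."""
    return name.rstrip(".").split(".")[0]


def nsupdate_batch(action, ip, name="", domain=DOMAIN, ttl=TTL):
    """Text fed to nsupdate on stdin. Forward and reverse changes are sent
    separately because one update message may touch only one zone."""
    fqdn = f"{short_host(name)}.{domain}." if name else ""
    rev = ptr_name(ip)
    lines = []
    if action == "add":
        if not name:
            raise ValueError("add needs a host name")
        lines += [f"update delete {fqdn} A",
                  f"update add {fqdn} {ttl} A {ip}",
                  "send",
                  f"update delete {rev} PTR",
                  f"update add {rev} {ttl} PTR {fqdn}",
                  "send"]
    elif action == "delete":
        # on release/expiry dhcpd supplies no name (see the hook comments), so
        # the PTR is removed by address; the A record only when a name is known.
        lines += [f"update delete {rev} PTR", "send"]
        if name:
            lines += [f"update delete {fqdn} A", "send"]
    else:
        raise ValueError(f"unknown action {action!r}")
    return "\n".join(lines) + "\n"


def run_update(argv, execute=False):
    """argv is what dhcpd's execute() passes: [action, ip, mac, name?, ...].
    Returns the kinit command, the nsupdate command and the batch; the commands
    run only when execute=True, so the example is side-effect free by default."""
    action, ip = argv[0], argv[1]
    name = argv[3] if action == "add" and len(argv) > 3 else ""
    batch = nsupdate_batch(action, ip, name)
    kinit = ["kinit", "-k", "-t", KEYTAB, PRINCIPAL]
    nsupdate = ["nsupdate", "-g"]    # -g: sign with GSS-TSIG from the ticket above
    if execute:
        subprocess.run(kinit, check=True)
        subprocess.run(nsupdate, input=batch, text=True, check=True)
    return kinit, nsupdate, batch


if __name__ == "__main__":
    # The commit hook for host pc_xp2 from the poster's dhcpd.conf (constructed call).
    _, cmd, batch = run_update(["add", "192.168.58.45", "08:00:27:d0:41:21", "xp2.home.cu"])
    print(" ".join(cmd) + " <<EOF\n" + batch + "EOF")
```

The design choice worth noting: the script authenticates as its own principal rather than reusing `rndc.key`, because the "denied" lines in the earlier log come from a client with no signer at all, and the "allowing update of signer=dhcpduser@..." lines in Rowland's log show what the DLZ backend wants to see. Keeping the credential in a keytab readable only by the account dhcpd runs the hook as, and granting that principal write access only to the two zones it maintains, keeps a compromise of the DHCP host from becoming write access to the rest of the AD DNS.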
Rowland penny
2016-Apr-21 18:31 UTC
[Samba] [Fwd: Re: [Fwd: Re: [Fwd: Re: [Fwd: Re: Samba 4 more complete]]]]
On 21/04/16 18:45, Rowland penny wrote:
> On 21/04/16 18:22, cosme at crearq.co.cu wrote:
>> Yes I think so
>>
>> This is my /etc/dhcp/dhcpd.conf
>>
>> [...]
>>
>> Please tell me what I'm doing wrong and / or missing?
>>
>> Leonidch
>>
> OK, I thought that was what you were doing, what you are missing
> (amongst other things) is this from the bottom of dhcpd.conf:
>
> [...]
>
> As you can see, dhcp has the facility to run a script and it is this
> script that does the updates, you will also have to stop your windows
> clients from trying to update their own records, but there is a gpo
> for this.
>
> I will check over my notes (to make sure they are correct and
> up-to-date) and I will then send you them off list.
>
> Rowland
>
OK, see the attached tarball, all the info is in there, if you have any questions, just ask.

Rowland