Samba - General mailing list wrote
> On Wed, 17 May 2017 04:26:16 -0700 (PDT)
> artyom via samba <samba at .samba> wrote:
>
>> I use official manual from wiki.samba.org for install samba 4.6.3
>> (from source) with bind_dlz on bind 9.9.10 (from source too). My OS
>> is Debian Jessie x64 8.8 netinst. I use
>> https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records_with_BIND9
>> article for dynamic dhcp updates on dns zones. DHCP is working but dns
>> updates not: I have these messages on my syslog when dhcpoffer:
>
>> named[611]: samba_dlz: committed transaction on zone kch.remel.lan
>> May 17 14:32:09 ad1 remel: DHCP-DNS Update failed: 01
>>
>
> The forward zone is getting updated but the reverse zone isn't. Have
> you created the reverse zone? It isn't created automatically.
>
> Rowland

Thanks! Now, when I use

/etc/dhcp/bin/dhcp-dyndns.sh add 10.10.1.253 01:02:03:04:06:09 twofivethree

and later

/etc/dhcp/bin/dhcp-dyndns.sh delete 10.10.1.253 01:02:03:04:06:09 twofivethree

it works well, no errors, but when I add a client (windows seven) I have:

May 18 09:10:35 ad1 dhcpd: DHCPDISCOVER from ea:d6:54:12:48:54 via eth0
May 18 09:10:36 ad1 dhcpd: DHCPOFFER on 10.10.1.0 to ea:d6:54:12:48:54 (test-pc) via eth0
May 18 09:10:36 ad1 dhcpd: Commit: IP: 10.10.1.0 DHCID: 1:ea:d6:54:12:48:54 Name: test-pc
May 18 09:10:36 ad1 dhcpd: execute_statement argv[0] /etc/dhcp/bin/dhcp-dyndns.sh
May 18 09:10:36 ad1 dhcpd: execute_statement argv[1] = add
May 18 09:10:36 ad1 dhcpd: execute_statement argv[2] = 10.10.1.0
May 18 09:10:36 ad1 dhcpd: execute_statement argv[3] = 1:ea:d6:54:12:48:54
May 18 09:10:36 ad1 dhcpd: execute_statement argv[4] = test-pc
May 18 09:10:36 ad1 dhcpd: execute: /etc/dhcp/bin/dhcp-dyndns.sh exit status 256
May 18 09:10:36 ad1 dhcpd: DHCPREQUEST for 10.10.1.0 (10.10.0.3) from ea:d6:54:12:48:54 (test-pc) via eth0
May 18 09:10:36 ad1 dhcpd: DHCPACK on 10.10.1.0 to ea:d6:54:12:48:54 (test-pc) via eth0
May 18 09:10:39 ad1 named[607]: samba_dlz: starting transaction on zone kch.remel.lan
May 18 09:10:39 ad1 named[607]: client 10.10.1.0#61811: update 'kch.remel.lan/IN' denied
May 18 09:10:39 ad1 named[607]: samba_dlz: cancelling transaction on zone kch.remel.lan
May 18 09:10:39 ad1 named[607]: samba_dlz: starting transaction on zone kch.remel.lan
May 18 09:10:39 ad1 named[607]: client 10.10.1.0#56098: update 'kch.remel.lan/IN' denied
May 18 09:10:39 ad1 named[607]: samba_dlz: cancelling transaction on zone kch.remel.lan

Why can it deny the transaction?

--
View this message in context: http://samba.2283325.n4.nabble.com/can-t-do-dhcp-samba-bind-work-together-tp4718775p4718801.html
Sent from the Samba - General mailing list archive at Nabble.com.

On Wed, 17 May 2017 21:12:56 -0700 (PDT)
artyom via samba <samba at lists.samba.org> wrote:

> Samba - General mailing list wrote
> > On Wed, 17 May 2017 04:26:16 -0700 (PDT)
> > artyom via samba <samba at .samba> wrote:
> >
> >> I use official manual from wiki.samba.org for install samba 4.6.3
> >> (from source) with bind_dlz on bind 9.9.10 (from source too). My OS
> >> is Debian Jessie x64 8.8 netinst. I use
> >> https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records_with_BIND9
> >> article for dynamic dhcp updates on dns zones. DHCP is working but
> >> dns updates not: I have these messages on my syslog when dhcpoffer:
> >
> >> named[611]: samba_dlz: committed transaction on zone kch.remel.lan
> >> May 17 14:32:09 ad1 remel: DHCP-DNS Update failed: 01
> >>
> >
> > The forward zone is getting updated but the reverse zone isn't. Have
> > you created the reverse zone? It isn't created automatically.
> >
> > Rowland
>
> Thanks! Now, when I use
>
> /etc/dhcp/bin/dhcp-dyndns.sh add 10.10.1.253 01:02:03:04:06:09 twofivethree
>
> and later
>
> /etc/dhcp/bin/dhcp-dyndns.sh delete 10.10.1.253 01:02:03:04:06:09 twofivethree
>
> it works well, no errors, but when I add a client (windows seven) I
> have:
>
> May 18 09:10:35 ad1 dhcpd: DHCPDISCOVER from ea:d6:54:12:48:54 via eth0
> May 18 09:10:36 ad1 dhcpd: DHCPOFFER on 10.10.1.0 to ea:d6:54:12:48:54 (test-pc) via eth0
> May 18 09:10:36 ad1 dhcpd: Commit: IP: 10.10.1.0 DHCID: 1:ea:d6:54:12:48:54 Name: test-pc
> May 18 09:10:36 ad1 dhcpd: execute_statement argv[0] /etc/dhcp/bin/dhcp-dyndns.sh
> May 18 09:10:36 ad1 dhcpd: execute_statement argv[1] = add
> May 18 09:10:36 ad1 dhcpd: execute_statement argv[2] = 10.10.1.0
> May 18 09:10:36 ad1 dhcpd: execute_statement argv[3] 1:ea:d6:54:12:48:54
> May 18 09:10:36 ad1 dhcpd: execute_statement argv[4] = test-pc
> May 18 09:10:36 ad1 dhcpd: execute: /etc/dhcp/bin/dhcp-dyndns.sh exit status 256

For some reason the script is failing, probably due to a permissions
problem. Is apparmor installed? Please double check ownership of files etc.

> May 18 09:10:36 ad1 dhcpd: DHCPREQUEST for 10.10.1.0 (10.10.0.3) from ea:d6:54:12:48:54 (test-pc) via eth0
> May 18 09:10:36 ad1 dhcpd: DHCPACK on 10.10.1.0 to ea:d6:54:12:48:54 (test-pc) via eth0
> May 18 09:10:39 ad1 named[607]: samba_dlz: starting transaction on zone kch.remel.lan
> May 18 09:10:39 ad1 named[607]: client 10.10.1.0#61811: update 'kch.remel.lan/IN' denied
> May 18 09:10:39 ad1 named[607]: samba_dlz: cancelling transaction on zone kch.remel.lan
> May 18 09:10:39 ad1 named[607]: samba_dlz: starting transaction on zone kch.remel.lan
> May 18 09:10:39 ad1 named[607]: client 10.10.1.0#56098: update 'kch.remel.lan/IN' denied
> May 18 09:10:39 ad1 named[607]: samba_dlz: cancelling transaction on zone kch.remel.lan
>
> Why can it deny the transaction?

This bit is easy, as I said, the script is failing, the above is from
when your clients try to update their own records and get denied.
You need to stop your clients trying to update their own records.

When it does work, you should see something like this in syslog:

May 18 06:32:28 member1 dhcpd: DHCPREQUEST for 192.168.0.118 from cc:4e:ec:e9:c8:d3 via eth0
May 18 06:32:28 member1 dhcpd: DHCPACK on 192.168.0.118 to cc:4e:ec:e9:c8:d3 via eth0
May 18 06:33:40 member1 dhcpd: Commit: IP: 192.168.0.164 DHCID: 1:1c:65:9d:9d:e6:94 Name: EAPDEV-PC
May 18 06:33:40 member1 dhcpd: execute_statement argv[0] = /etc/dhcp/bin/dhcp-dyndns.sh
May 18 06:33:40 member1 dhcpd: execute_statement argv[1] = add
May 18 06:33:40 member1 dhcpd: execute_statement argv[2] = 192.168.0.164
May 18 06:33:40 member1 dhcpd: execute_statement argv[3] = 1:1c:65:9d:9d:e6:94
May 18 06:33:40 member1 dhcpd: execute_statement argv[4] = EAPDEV-PC
May 18 06:33:40 member1 named[1980]: samba_dlz: starting transaction on zone samdom.example.com
May 18 06:33:40 member1 named[1980]: samba_dlz: allowing update of signer=dhcpduser\@SAMDOM.EXAMPLE.COM name=EAPDEV-PC.samdom.example.com tcpaddr=127.0.0.1 type=A key=3578045150.sig-member1.samdom.example.com/160/0
May 18 06:33:40 member1 named[1980]: samba_dlz: allowing update of signer=dhcpduser\@SAMDOM.EXAMPLE.COM name=EAPDEV-PC.samdom.example.com tcpaddr=127.0.0.1 type=A key=3578045150.sig-member1.samdom.example.com/160/0
May 18 06:33:40 member1 named[1980]: client 127.0.0.1#57668/key dhcpduser\@SAMDOM.EXAMPLE.COM: updating zone 'samdom.example.com/NONE': deleting rrset at 'EAPDEV-PC.samdom.example.com' A
May 18 06:33:40 member1 named[1980]: samba_dlz: subtracted rdataset EAPDEV-PC.samdom.example.com 'EAPDEV-PC.samdom.example.com.#0113600#011IN#011A#011192.168.0.164'
May 18 06:33:40 member1 named[1980]: client 127.0.0.1#57668/key dhcpduser\@SAMDOM.EXAMPLE.COM: updating zone 'samdom.example.com/NONE': adding an RR at 'EAPDEV-PC.samdom.example.com' A
May 18 06:33:40 member1 named[1980]: samba_dlz: added rdataset EAPDEV-PC.samdom.example.com 'EAPDEV-PC.samdom.example.com.#0113600#011IN#011A#011192.168.0.164'
May 18 06:33:40 member1 named[1980]: samba_dlz: committed transaction on zone samdom.example.com
May 18 06:33:40 member1 named[1980]: samba_dlz: starting transaction on zone 0.168.192.in-addr.arpa
May 18 06:33:40 member1 named[1980]: samba_dlz: allowing update of signer=dhcpduser\@SAMDOM.EXAMPLE.COM name=164.0.168.192.in-addr.arpa tcpaddr=127.0.0.1 type=PTR key=588484016.sig-member1.samdom.example.com/160/0
May 18 06:33:40 member1 named[1980]: samba_dlz: allowing update of signer=dhcpduser\@SAMDOM.EXAMPLE.COM name=164.0.168.192.in-addr.arpa tcpaddr=127.0.0.1 type=PTR key=588484016.sig-member1.samdom.example.com/160/0
May 18 06:33:40 member1 named[1980]: client 127.0.0.1#40979/key dhcpduser\@SAMDOM.EXAMPLE.COM: updating zone '0.168.192.in-addr.arpa/NONE': deleting rrset at '164.0.168.192.in-addr.arpa' PTR
May 18 06:33:40 member1 named[1980]: samba_dlz: subtracted rdataset 164.0.168.192.in-addr.arpa '164.0.168.192.in-addr.arpa.#0113600#011IN#011PTR#011EAPDEV-PC.samdom.example.com.'
May 18 06:33:40 member1 named[1980]: client 127.0.0.1#40979/key dhcpduser\@SAMDOM.EXAMPLE.COM: updating zone '0.168.192.in-addr.arpa/NONE': adding an RR at '164.0.168.192.in-addr.arpa' PTR
May 18 06:33:40 member1 named[1980]: samba_dlz: added rdataset 164.0.168.192.in-addr.arpa '164.0.168.192.in-addr.arpa.#0113600#011IN#011PTR#011EAPDEV-PC.samdom.example.com.'
May 18 06:33:40 member1 named[1980]: samba_dlz: committed transaction on zone 0.168.192.in-addr.arpa
May 18 06:33:40 member1 root: DHCP-DNS Update succeeded

Rowland

Samba - General mailing list wrote
> On Wed, 17 May 2017 21:12:56 -0700 (PDT)
> artyom via samba <samba at .samba> wrote:
>
>> >> I use official manual from wiki.samba.org for install samba 4.6.3
>> >> (from source) with bind_dlz on bind 9.9.10 (from source too). My OS
>> >> is Debian Jessie x64 8.8 netinst. I use
>> >> https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records_with_BIND9
>> >> article for dynamic dhcp updates on dns zones. DHCP is working but
>> >> dns updates not: I have these messages on my syslog when dhcpoffer:
>> >
>> >> named[611]: samba_dlz: committed transaction on zone kch.remel.lan
>> >> May 17 14:32:09 ad1 remel: DHCP-DNS Update failed: 01
>> >>
>> >
>> > The forward zone is getting updated but the reverse zone isn't. Have
>> > you created the reverse zone? It isn't created automatically.
>> >
>> > Rowland
>
>> Thanks! Now, when I use
>>
>> /etc/dhcp/bin/dhcp-dyndns.sh add 10.10.1.253 01:02:03:04:06:09 twofivethree
>>
>> it works well, no errors, but when I add a client (windows seven) I
>> have:
>
>> 1:ea:d6:54:12:48:54
>> May 18 09:10:36 ad1 dhcpd: execute_statement argv[4] = test-pc
>> May 18 09:10:36 ad1 dhcpd: execute: /etc/dhcp/bin/dhcp-dyndns.sh exit status 256
>> May 18 09:10:39 ad1 named[607]: samba_dlz: starting transaction on zone kch.remel.lan
>> May 18 09:10:39 ad1 named[607]: client 10.10.1.0#61811: update 'kch.remel.lan/IN' denied
>
>>
>> Why can it deny the transaction?
>
> This bit is easy, as I said, the script is failing, the above is from
> when your clients try to update their own records and get denied.
> You need to stop your clients trying to update their own records.
> When it does work, you should see something like this in syslog:
>
> May 18 06:33:40 member1 named[1980]: samba_dlz: starting transaction on zone samdom.example.com
>
> May 18 06:33:40 member1 named[1980]: samba_dlz: starting transaction on zone 0.168.192.in-addr.arpa
> May 18 06:33:40 member1 named[1980]: samba_dlz: allowing update of signer=dhcpduser\@SAMDOM.EXAMPLE.COM name=164.0.168.192.in-addr.arpa tcpaddr=127.0.0.1 type=PTR key=588484016.sig-member1.samdom.example.com/160/0
>
> May 18 06:33:40 member1 root: DHCP-DNS Update succeeded
>
> Rowland

I can stop it by unselecting this: IPv4 -> Properties -> Advanced -> DNS Tab -> Register this connection's addresses in DNS?

I know, it looks like an RTFM problem from me, but it's because of unsecure updates from the win dns client service?

This starts to work after I add this pc to the domain. Now I have:

May 18 10:40:38 ad1 named[607]: samba_dlz: starting transaction on zone kch.remel.lan
May 18 10:40:38 ad1 named[607]: client 10.10.1.0#52807: update 'kch.remel.lan/IN' denied
May 18 10:40:38 ad1 named[607]: samba_dlz: cancelling transaction on zone kch.remel.lan
May 18 10:40:38 ad1 named[607]: samba_dlz: starting transaction on zone kch.remel.lan
May 18 10:40:38 ad1 named[607]: samba_dlz: allowing update of signer=TEST-PC\$\@KCH.REMEL.LAN name=test-pc.kch.remel.lan tcpaddr= type=A key=1204-ms-7.2-18d02.5706f740-3b8c-11e7-85ab-ead654124854/160/0
---OUT OMITTED-----
May 18 10:40:38 ad1 named[607]: samba_dlz: committed transaction on zone kch.remel.lan
May 18 10:40:38 ad1 named[607]: samba_dlz: starting transaction on zone 10.10.in-addr.arpa
May 18 10:40:38 ad1 named[607]: client 10.10.1.0#53044: update '10.10.in-addr.arpa/IN' denied
May 18 10:40:38 ad1 named[607]: samba_dlz: cancelling transaction on zone 10.10.in-addr.arpa
May 18 10:40:38 ad1 named[607]: samba_dlz: starting transaction on zone 10.10.in-addr.arpa
May 18 10:40:38 ad1 named[607]: samba_dlz: allowing update of signer=TEST-PC\$\@KCH.REMEL.LAN name=0.1.10.10.in-addr.arpa tcpaddr= type=PTR key=1204-ms-7.2-18d02.5706f740-3b8c-11e7-85ab-ead654124854/160/0
---OUT OMITTED-----
May 18 10:40:38 ad1 named[607]: samba_dlz: committed transaction on zone 10.10.in-addr.arpa

If I understand clearly, the second update (signer=TEST-PC) is a win client secure dynamic dns update in "domain mode". Which is something like a transaction conflict?

--
View this message in context: http://samba.2283325.n4.nabble.com/can-t-do-dhcp-samba-bind-work-together-tp4718775p4718822.html
Sent from the Samba - General mailing list archive at Nabble.com.
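
An added example, not part of the original posts or of the Samba wiki script: a small Python log triage that separates the three kinds of syslog line discussed in this thread (the dhcpd script failure, updates named denied, and updates samba_dlz allowed with a signer), so it is visible whether records are being written by the DHCP script's account or by the clients themselves. The field layout is taken from the log lines quoted above; reading `exit status 256` as a raw wait status (exit code 1) and treating a signer ending in `$` as a machine account are assumptions of the example.

```python
import re

DENIED = re.compile(r"named\[\d+\]: client ([\d.]+)#\d+: update '([^/]+)/IN' denied")
ALLOWED = re.compile(
    r"samba_dlz: allowing update of signer=(\S+) name=(\S+) tcpaddr=(\S*) type=(\S+)")
SCRIPT = re.compile(r"dhcpd: execute: (\S+) exit status (\d+)")

# Constructed sample: individual lines copied from the logs quoted in this thread.
SAMPLE = r"""
May 18 09:10:36 ad1 dhcpd: execute: /etc/dhcp/bin/dhcp-dyndns.sh exit status 256
May 18 10:40:38 ad1 named[607]: client 10.10.1.0#52807: update 'kch.remel.lan/IN' denied
May 18 10:40:38 ad1 named[607]: samba_dlz: allowing update of signer=TEST-PC\$\@KCH.REMEL.LAN name=test-pc.kch.remel.lan tcpaddr= type=A key=1204-ms-7.2-18d02.5706f740-3b8c-11e7-85ab-ead654124854/160/0
May 18 10:40:38 ad1 named[607]: client 10.10.1.0#53044: update '10.10.in-addr.arpa/IN' denied
May 18 06:33:40 member1 named[1980]: samba_dlz: allowing update of signer=dhcpduser\@SAMDOM.EXAMPLE.COM name=EAPDEV-PC.samdom.example.com tcpaddr=127.0.0.1 type=A key=3578045150.sig-member1.samdom.example.com/160/0
""".strip().splitlines()


def signer_kind(principal):
    """Assumption: AD machine accounts end in '$'; anything else is a user/service account."""
    account = principal.replace("\\", "").split("@")[0]
    return "machine" if account.endswith("$") else "user"


def summarize(lines):
    """Sort syslog lines into script failures, denied updates and signed, allowed updates."""
    out = {"script_failures": [], "denied": [], "signed_allowed": []}
    for line in lines:
        if m := SCRIPT.search(line):
            # Assumption: dhcpd logs the raw wait() status, so the exit code is the high byte.
            out["script_failures"].append((m.group(1), int(m.group(2)) >> 8))
        elif m := DENIED.search(line):
            # No "/key <name>" after the client address: the request carried no signature.
            out["denied"].append((m.group(1), m.group(2)))
        elif m := ALLOWED.search(line):
            signer, name, _tcpaddr, rtype = m.groups()
            out["signed_allowed"].append((signer_kind(signer), name, rtype))
    return out


if __name__ == "__main__":
    for kind, rows in summarize(SAMPLE).items():
        print(kind, rows)
```

A `machine` signer means the client registered its own record, while a `user` signer such as `dhcpduser` is the DHCP script doing the update on the client's behalf.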