Hello List, Hello Rowland :-)
again I'm having problems with the DDNS. I did it as shown in the wiki.
I took all teh scripts from the wiki the dhcp-dyndns.sh is Version: 0.8.9
I configured everything including the failover. When I start the two
DHCP-Server everything is perfect. I see the right messages in the log,
the two DHCP-Servers are talking to each other. When a Client ask for an
IP-adresse he get's one. BUT the DNS-Update is not working. Here is the
result from the log:
--------------------
Aug 15 21:27:51 sambabuch dhcpd[572]: Commit: IP: 192.168.56.221 DHCID:
1:8:0:27:7b:f1:f2 Name: linux-client
Aug 15 21:27:51 sambabuch dhcpd[572]: execute_statement argv[0]
/etc/dhcp/bin/dhcp-dyndns.sh
Aug 15 21:27:51 sambabuch dhcpd[572]: execute_statement argv[1] = add
Aug 15 21:27:51 sambabuch dhcpd[572]: execute_statement argv[2] 192.168.56.221
Aug 15 21:27:51 sambabuch dhcpd[572]: execute_statement argv[3]
1:8:0:27:7b:f1:f2
Aug 15 21:27:51 sambabuch dhcpd[572]: execute_statement argv[4] linux-client
Aug 15 21:27:51 sambabuch root[671]: 15-08-18 21:27:51 [dyndns] :
Getting new ticket, old one has expired
Aug 15 21:27:51 sambabuch root[674]: 15-08-18 21:27:51 [dyndns] : dhcpd
kinit for dynamic DNS failed
Aug 15 21:27:51 sambabuch dhcpd[572]: execute:
/etc/dhcp/bin/dhcp-dyndns.sh exit status 256
Aug 15 21:27:51 sambabuch dhcpd[572]: DHCPREQUEST for 192.168.56.221
from 08:00:27:7b:f1:f2 (linux-client) via enp0s8
Aug 15 21:27:51 sambabuch dhcpd[572]: DHCPACK on 192.168.56.221 to
08:00:27:7b:f1:f2 (linux-client) via enp0s8
--------------------
I saw there is a problem with the kerberos ticket so I checked with:
---------------------
root at sambabuch:~# klist -c /tmp/dhcp-dyndns.cc
klist: No ticket file: /tmp/dhcp-dyndns.cc
---------------------
Then I executed the part of the script step by step
---------------------
root at sambabuch:~# domain=$(hostname -d)
root at sambabuch:~# REALM=$(echo ${domain^^})
root at sambabuch:~# echo $REALM
EXAMPLE.NET
root at sambabuch:~# SETPRINCIPAL="dhcpduser@${REALM}"
root at sambabuch:~# echo $SETPRINCIPAL
dhcpduser at EXAMPLE.NET
root at sambabuch:~# kinit -F -k -t /etc/dhcpduser.keytab -c
/tmp/dhcp-dyndns.cc "${SETPRINCIPAL}"
root at sambabuch:~# klist -c /tmp/dhcp-dyndns.cc
Credentials cache: FILE:/tmp/dhcp-dyndns.cc
Principal: dhcpduser at EXAMPLE.NET
Issued Expires Principal
Aug 15 21:40:17 2018 Aug 16 07:40:17 2018 krbtgt/EXAMPLE.NET at EXAMPLE.NET
---------------------
Then I restarted the client, I'm getting the following messages:
---------------------Aug 15 21:43:29 sambabuch dhcpd[572]: Commit: IP:
192.168.56.221 DHCID: 1:8:0:27:7b:f1:f2 Name: linux-client
Aug 15 21:43:29 sambabuch dhcpd[572]: execute_statement argv[0]
/etc/dhcp/bin/dhcp-dyndns.sh
Aug 15 21:43:29 sambabuch dhcpd[572]: execute_statement argv[1] = add
Aug 15 21:43:29 sambabuch dhcpd[572]: execute_statement argv[2] 192.168.56.221
Aug 15 21:43:29 sambabuch dhcpd[572]: execute_statement argv[3]
1:8:0:27:7b:f1:f2
Aug 15 21:43:29 sambabuch dhcpd[572]: execute_statement argv[4] linux-client
Aug 15 21:43:29 sambabuch named[506]: client 127.0.0.1#38287/key
dhcpduser\@EXAMPLE.NET: updating zone '168.192.IN-ADDR.ARPA/IN': update
failed: not authoritative for update zone (NOTAUTH)
Aug 15 21:43:29 sambabuch root[766]: DHCP-DNS Update failed: 22
Aug 15 21:43:29 sambabuch dhcpd[572]: execute:
/etc/dhcp/bin/dhcp-dyndns.sh exit status 5632
Aug 15 21:43:29 sambabuch dhcpd[572]: reuse_lease: lease age 88 (secs)
under 25% threshold, reply with unaltered, existing lease for 192.168.56.221
Aug 15 21:43:29 sambabuch dhcpd[572]: DHCPREQUEST for 192.168.56.221
from 08:00:27:7b:f1:f2 (linux-client) via enp0s8
Aug 15 21:43:29 sambabuch dhcpd[572]: DHCPACK on 192.168.56.221 to
08:00:27:7b:f1:f2 (linux-client) via enp0s8
---------------------
And now I don't know where to look.
Here is my dhcpd.conf from the secondary
---------------------
authoritative;
ddns-update-style none;
# Start failover Konfiguration
failover peer "dhcp-failover" {
secondary;
address sambabuch-02.example.net;
peer address sambabuch.example.net;
max-response-delay 60;
max-unacked-updates 10;
load balance max seconds 3;
}
# End failover configuration
subnet 192.168.56.0 netmask 255.255.255.0 {
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.56.255;
option time-offset 0;
# option routers 192.168.0.1;
option domain-name "example.net";
option domain-name-servers 192.168.56.31, 192.168.56.32;
option netbios-name-servers 192.168.56.11;
option ntp-servers 192.168.0.31, 192.168.56.32;
pool {
failover peer "dhcp-failover"; # Add for failover
max-lease-time 1800; # 30 minutes
range 192.168.56.220 192.168.56.239;
}
}
on commit {
set noname = concat("dhcp-", binary-to-ascii(10, 8, "-",
leased-address));
set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
set ClientDHCID = binary-to-ascii(16, 8, ":", hardware);
set ClientName = pick-first-value(option host-name,
config-option-host-name, client-name, noname);
log(concat("Commit: IP: ", ClientIP, " DHCID: ",
ClientDHCID, " Name: ",
ClientName));
execute("/etc/dhcp/bin/dhcp-dyndns.sh", "add", ClientIP,
ClientDHCID,
ClientName);
}
on release {
set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
set ClientDHCID = binary-to-ascii(16, 8, ":", hardware);
log(concat("Release: IP: ", ClientIP));
execute("/etc/dhcp/bin/dhcp-dyndns.sh", "delete", ClientIP,
ClientDHCID);
}
on expiry {
set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
# cannot get a ClientMac here, apparently this only works when actually
receiving a packet
log(concat("Expired: IP: ", ClientIP));
# cannot get a ClientName here, for some reason that always fails
execute("/etc/dhcp/bin/dhcp-dyndns.sh", "delete", ClientIP,
"", "0");
}
omapi-port 7911;
omapi-key omapi_key;
key omapi_key {
algorithm hmac-md5;
secret
VeKKfYgBBx6i1KJZGUZBb5/hprxWUtquYc6eMMA9ucff5//4bnWJ+JcRJ70A6H6Q2dn67EbyTmeMigbdZ6JS1w==;
}
---------------------
And from the master
---------------------
authoritative;
ddns-update-style none;
#Start failover configuration
failover peer "dhcp-failover" {
primary;
address sambabuch.example.net;
peer address sambabuch-02.example.net;
max-response-delay 60;
max-unacked-updates 10;
mclt 3600;
split 128;
load balance max seconds 3;
}
# End failover configuration
subnet 192.168.56.0 netmask 255.255.255.0 {
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.56.255;
option time-offset 0;
# option routers 192.168.0.1;
option domain-name "example.net";
option domain-name-servers 192.168.56.31, 192.168.56.32;
option netbios-name-servers 192.168.56.11;
option ntp-servers 192.168.56.31, 192.168.56.32;
pool {
failover peer "dhcp-failover"; # Add for failover
max-lease-time 1800; # 30 minutes
range 192.168.56.220 192.168.56.239;
}
}
on commit {
set noname = concat("dhcp-", binary-to-ascii(10, 8, "-",
leased-address));
set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
set ClientDHCID = binary-to-ascii(16, 8, ":", hardware);
set ClientName = pick-first-value(option host-name,
config-option-host-name, client-name, noname);
log(concat("Commit: IP: ", ClientIP, " DHCID: ",
ClientDHCID, " Name: ",
ClientName));
execute("/etc/dhcp/bin/dhcp-dyndns.sh", "add", ClientIP,
ClientDHCID,
ClientName);
}
on release {
set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
set ClientDHCID = binary-to-ascii(16, 8, ":", hardware);
log(concat("Release: IP: ", ClientIP));
execute("/etc/dhcp/bin/dhcp-dyndns.sh", "delete", ClientIP,
ClientDHCID);
}
on expiry {
set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
# cannot get a ClientMac here, apparently this only works when actually
receiving a packet
log(concat("Expired: IP: ", ClientIP));
# cannot get a ClientName here, for some reason that always fails
execute("/etc/dhcp/bin/dhcp-dyndns.sh", "delete", ClientIP,
"", "0");
}
omapi-port 7911;
omapi-key omapi_key;
key omapi_key {
algorithm hmac-md5;
secret
VeKKfYgBBx6i1KJZGUZBb5/hprxWUtquYc6eMMA9ucff5//4bnWJ+JcRJ70A6H6Q2dn67EbyTmeMigbdZ6JS1w==;
}
---------------------
Permissions:
root at sambabuch:~# ls -l /etc/dhcp/bin/dhcp-dyndns.sh
-rwxr-xr-x 1 root root 4065 Aug 13 21:14 /etc/dhcp/bin/dhcp-dyndns.sh
root at sambabuch:~# ls -l /etc/dhcpduser.keytab
-r-------- 1 root root 337 Aug 15 21:05 /etc/dhcpduser.keytab
As always, any help is welcome :-)
Stefan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL:
<http://lists.samba.org/pipermail/samba/attachments/20180815/18ef3292/signature.sig>