samba - Jan 2023 - Samba Wiki: fix to "Configure DHCP to update DNS records" page

On 23/01/2023 13:47, Ing. Claudio Nicora via samba
wrote:
> @Rowland Penny: thanks for the BASH script to let DHCP update DNS 
> records 
> (https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records).
> 
> I'm suggesting this change:
> the "if" condition at line 171 does not use the filename assigned
to
> $keytab variable (at line 41), but a fixed filename (equal to default 
> $keytab filename).
> If someone (like me) need to set a different filename, then the Kerberos 
> keytab test fails.
> 
> So my suggestion is to replace the "if" condition (around line
171) from
> 
> ------------------------------
> # Check for Kerberos keytab
> if [?! -f /etc/dhcpduser.keytab ]
> then
>  ? logger "Required keytab $keytab not found, it needs to be
created."
>  ? ...
> ------------------------------
> 
> to
> 
> ------------------------------
> # Check for Kerberos keytab
> if [?! -f "$keytab" ]
> then
>  ? logger "Required keytab $keytab not found, it needs to be
created."
>  ? ...
> ------------------------------
> 
> Thanks for your work
Thanks for pointing that out, thought I had changed them all, I have now 
(hopefully)

Rowland

Thanks,

Anyway way can't update samba_dlz PTR records
 not allowing update of signer PTR

I'm missing something

can't update PTR records via DHCP



El lun, 23 ene 2023 a las 8:55, Rowland Penny via samba (<
samba at lists.samba.org>) escribi?:
>
>
> On 23/01/2023 13:47, Ing. Claudio Nicora via samba wrote:
> > @Rowland Penny: thanks for the BASH script to let DHCP update DNS
> > records
> >
(https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records).
> >
> > I'm suggesting this change:
> > the "if" condition at line 171 does not use the filename
assigned to
> > $keytab variable (at line 41), but a fixed filename (equal to default
> > $keytab filename).
> > If someone (like me) need to set a different filename, then the
Kerberos
> > keytab test fails.
> >
> > So my suggestion is to replace the "if" condition (around
line 171) from
> >
> > ------------------------------
> > # Check for Kerberos keytab
> > if [ ! -f /etc/dhcpduser.keytab ]
> > then
> >    logger "Required keytab $keytab not found, it needs to be
created."
> >    ...
> > ------------------------------
> >
> > to
> >
> > ------------------------------
> > # Check for Kerberos keytab
> > if [ ! -f "$keytab" ]
> > then
> >    logger "Required keytab $keytab not found, it needs to be
created."
> >    ...
> > ------------------------------
> >
> > Thanks for your work
>
> Thanks for pointing that out, thought I had changed them all, I have now
> (hopefully)
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

I've found another issue that causes the following error (at least with 
my samba-tool 4.7.6):

ERROR(runtime): uncaught exception - (-1073741811, 'An invalid parameter 
was passed to a service or function.')
Jan 27 12:17:11 srv sh[1346]:?? File 
"/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176,
in _run
Jan 27 12:17:11 srv sh[1346]:???? return self.run(*args, **kwargs)
Jan 27 12:17:11 srv sh[1346]:?? File 
"/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 1062, in
run
Jan 27 12:17:11 srv sh[1346]:???? del_rec_buf)

The error is caused by the script trying to delete an empty IP, and it 
happens when adding a DNS record for a client for the first time.
To reproduce it, delete an (eventually) existing record by running 
dhcpd-dyndns.sh script with "delete" parameter, then reexecute the
same
script with "add".

The line causing the error is this:

------------------------
## update ##
case "${action}" in
 ?? ?add)
 ?? ???? _KERBEROS
 ?? ???? count=0
 ?? ???? # does host have an existing 'A' record??
 ?? ???? A_REC=$($SAMBATOOL dns query "${Server}"
"${domain}" "${name}"
A "$KTYPE" 2>/dev/null | grep 'A:' | awk '{print
$2}')

 ?? ???? # turn A_REC into an array
 ?? ???? A_REC=("$A_REC")??? ??? <---------- ERROR CAUSED BY THIS
ASSIGNMENT
------------------------

When "$SAMBATOOL dns query" command returns no record, it returns an 
empty string, so the array conversion becomes like this:
A_REC=("")
which creates an array with 1 element (the empty string) and not an 
empty array ;)

My suggestion is to change array conversion like this:

------------------------
## update ##
case "${action}" in
 ? add)
 ??? _KERBEROS
 ??? count=0
 ??? # does host have an existing 'A' record??
 ??? A_REC=$($SAMBATOOL dns query "${Server}" "${domain}"
"${name}" A
"$KTYPE" 2>/dev/null | grep 'A:' | awk '{print
$2}')

 ??? # turn A_REC into an array
 ??? if [[ -z "$A_REC" ]]
 ??? then
 ????? A_REC=()
 ??? else
 ????? A_REC=("$A_REC")
 ??? fi
------------------------

Thanks for your work
Claudio


Il 23/01/2023 14:54, Rowland Penny via samba ha scritto:
>
>
> On 23/01/2023 13:47, Ing. Claudio Nicora via samba wrote:
>> @Rowland Penny: thanks for the BASH script to let DHCP update DNS 
>> records 
>>
(https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records).
>>
>> I'm suggesting this change:
>> the "if" condition at line 171 does not use the filename
assigned to
>> $keytab variable (at line 41), but a fixed filename (equal to default 
>> $keytab filename).
>> If someone (like me) need to set a different filename, then the 
>> Kerberos keytab test fails.
>>
>> So my suggestion is to replace the "if" condition (around
line 171) from
>>
>> ------------------------------
>> # Check for Kerberos keytab
>> if [?! -f /etc/dhcpduser.keytab ]
>> then
>> ?? logger "Required keytab $keytab not found, it needs to be
created."
>> ?? ...
>> ------------------------------
>>
>> to
>>
>> ------------------------------
>> # Check for Kerberos keytab
>> if [?! -f "$keytab" ]
>> then
>> ?? logger "Required keytab $keytab not found, it needs to be
created."
>> ?? ...
>> ------------------------------
>>
>> Thanks for your work
>
> Thanks for pointing that out, thought I had changed them all, I have 
> now (hopefully)
>
> Rowland
>