search for: dhcpduser

...s_with_B IND9 GSSAPI Error: start_gssrequest tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = No credentials found with supported encryption types (filename: /tmp/dhcp-dyndns.cc). Here is my keytab file: ktutil -k /etc/dhcpduser.keytab list /etc/dhcpduser.keytab: Vno Type Principal Aliases 2 aes256-cts-hmac-sha1-96 dhcpduser at PROD.CORP.INT <mailto:dhcpduser at PROD.CORP.INT> 2 aes128-cts-hmac-sha1-96 dhcpduser at PROD.CORP.INT <mailto:dhcpduser at PROD.CORP.INT...

...d (mgmt01) via eno1 > This shows the script is being run with the correct data, but for some reason, your kerberos key isn't correct What is in your ticket ? Running 'klist -ce /tmp/dhcp-dyndns.cc' on my DC produces this: Ticket cache: FILE:/tmp/dhcp-dyndns.cc Default principal: dhcpduser at SAMDOM.EXAMPLE.COM Valid starting Expires Service principal 11/01/19 10:12:50 11/01/19 20:12:50 krbtgt/SAMDOM.EXAMPLE.COM at SAMDOM.EXAMPLE.COM renew until 12/01/19 10:12:50, Etype (skey, tkt): aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96 11/01/19 10:12:50 11/01/19 20:12...

...la.com NSEC3: no valid signature found May 23 10:49:12 S4 named[2162]: samba_dlz: starting transaction on zone ariane.intra May 23 10:49:12 S4 named[2162]: samba_dlz: allowing update of signer=dhcpduser\@ARIANE.INTRA name=HP-CZC2097TDR.ariane.intra tcpaddr=127.0.0.1 type=A key=2495538840.sig-s4.ariane.intra/160/0 May 23 10:49:12 S4 named[2162]: samba_dlz: allowing update of signer=dhcpduser\@ARIANE.INTRA name=HP-CZC2097TDR.ariane.intra tcpaddr=127.0.0.1 type=A key=2495538840.sig-s4.ariane.intra...

...gt; > > > > > > > > > > > > > > > > > > > > > > > > > May 23 10:49:12 S4 named[2162]: samba_dlz: starting transaction on > zone ariane.intra > May 23 10:49:12 S4 named[2162]: samba_dlz: allowing update of > signer=dhcpduser\@ARIANE.INTRA name=HP-CZC2097TDR.ariane.intra > tcpaddr=127.0.0.1 type=A key=2495538840.sig-s4.ariane.intra/160/0 > May 23 10:49:12 S4 named[2162]: samba_dlz: allowing update of > signer=dhcpduser\@ARIANE.INTRA name=HP-CZC2097TDR.ariane.intra > tcpaddr=127.0.0.1 type=A key=2495538840...

...orrect data, but for some >> reason, your kerberos key isn't correct >> >> What is in your ticket ? >> >> Running 'klist -ce /tmp/dhcp-dyndns.cc' on my DC produces this: >> >> Ticket cache: FILE:/tmp/dhcp-dyndns.cc >> Default principal: dhcpduser at SAMDOM.EXAMPLE.COM >> >> Valid starting    Expires            Service principal >> 11/01/19 10:12:50  11/01/19 20:12:50  krbtgt/SAMDOM.EXAMPLE.COM at SAMDOM.EXAMPLE.COM >>     renew until 12/01/19 10:12:50, Etype (skey, tkt): aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1...

...init with the keytab created in the script instructions above won?t work as samba4 doesn?t seem to like the encryption type. Use -e arcfour-hmac-md5 with the addent command instead. The first script posted on the blog states # keytab can be generated using # $ ktutil # ktutil: addent -password -p dhcpduser at EXAMPLE.COM -k 1 -e aes256-cts-hmac-sha1-96 # Password for dhcpduser at EXAMPLE.COM: # ktutil: wkt dhcpduser.keytab # ktutil: quit but next changes in Using samba AD DC I used # keytab can be generated using the Samba4 tool: # samba-tool domain exportkeytab /etc/dhcpd/dhcpduser.keytab --princ...

...e script is being run with the correct data, but for some > reason, your kerberos key isn't correct > > What is in your ticket ? > > Running 'klist -ce /tmp/dhcp-dyndns.cc' on my DC produces this: > > Ticket cache: FILE:/tmp/dhcp-dyndns.cc > Default principal: dhcpduser at SAMDOM.EXAMPLE.COM > > Valid starting    Expires            Service principal > 11/01/19 10:12:50  11/01/19 20:12:50  krbtgt/SAMDOM.EXAMPLE.COM at SAMDOM.EXAMPLE.COM >     renew until 12/01/19 10:12:50, Etype (skey, tkt): aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96 > 11/01/...

...reason, your kerberos key isn't correct > >> > >> What is in your ticket ? > >> > >> Running 'klist -ce /tmp/dhcp-dyndns.cc' on my DC produces this: > >> > >> Ticket cache: FILE:/tmp/dhcp-dyndns.cc > >> Default principal: dhcpduser at SAMDOM.EXAMPLE.COM > >> > >> Valid starting    Expires            Service principal > >> 11/01/19 10:12:50  11/01/19 20:12:50 > >> krbtgt/SAMDOM.EXAMPLE.COM at SAMDOM.EXAMPLE.COM > >>     renew until 12/01/19 10:12:50, Etype (skey, tkt): > >&gt...

... 119 25 apr 16.13 /etc/dhcp drwxr-xr-x   2 root root   28 25 apr 16.06 /etc/dhcp/bin/ Because the dhcpd daemon do not have the right to access to /etc/dhcp folder Solution 1: I have move the bin directory to /etc/samba and modify the dhcpd.conf. Problem 2: At line 46 the Script test -f /etc/dhcp/dhcpduser.keytab but do not can access to it for the previous problem (inaccessible /etc/dhcp/ dir), then at line 47 show an mistaken error message "Required keytab /etc/dhcpduser.keytab not found," Solution 2: I have move dhcpduser.keytab file to /etc/samba and modify the script (see attachment)....

...oblem partially. The problem was due to the fact that I do not have winbind installed because Samba 4, Bind9 and isc-dhcp-server are on the same server. I commented on these lines in the script dhcp-dyndns.sh and it worked (on commit and on release but not on expiry ) #TESTUSER=$(wbinfo -u | grep dhcpduser) #if [ -z "${TESTUSER}" ]; then # echo "No AD dhcp user exists, need to create it first.. exiting." # echo "you can do this by typing the following commands" # echo "kinit Administrator@${REALM}" # echo "samba-tool user create dhcpduser --ran...

...t; # krbcc ticket cache export KRB5CCNAME="/tmp/dhcp-dyndns.cc" # Variables supplied by dhcpd.conf action=$1 ip=$2 DHCID=$3 name=${4%%.*} # Check for valid kerberos ticket _KERBEROS () { klist -c /tmp/dhcp-dyndns.cc -s if [ "$?" != "0" ]; then     kinit -F -k -t /etc/dhcpduser.keytab -c /tmp/dhcp-dyndns.cc "dhcpduser at CORP.<DOMAIN>.COM"     if [ "$?" != "0" ]; then         exit 1;     fi fi } # Exit if no ip address or mac-address if [ -z "${ip}" ] || [ -z "${DHCID}" ]; then     exit 1; fi # Exit if no computer na...

...ave not another dhcp server. dnsmasq is not configured. I think the problem may be permissions. Which distribution linux do you use, Ubuntu? I was tracing the script code dhcp-dyndns.sh, when the execution on the first line fails Is correct this instructions in Debian: chown root:root /etc/dhcp/dhcpduser.keytab chmod 400 /etc/dhcp/dhcpduser.keytab ----- Mensaje original ----- De: "samba" <samba at lists.samba.org> Para: "samba" <samba at lists.samba.org> Enviados: Sábado, 7 de Octubre 2017 18:19:59 Asunto: Re: [Samba] bind9 and isc-dhcp-Server for dynamic DNS-upd...

...9 SAMBA dhcpd[4635]: execute_statement argv[2] = 192.168.0.104 Aug 13 14:32:29 SAMBA dhcpd[4635]: execute_statement argv[3] = 60:6d:3c:09:6a:52 Aug 13 14:32:29 SAMBA dhcpd[4635]: execute_statement argv[4] = amazon-b550a4de2 Aug 13 14:32:29 SAMBA named[11842]: samba_dlz: allowing update of signer=dhcpduser\@HOME.LAN name=amazon-b550a4de2.HOME.LAN tcpaddr=127.0.0.1 type=A key=365897329.sig-samba.home.lan/160/0 Aug 13 14:32:29 SAMBA named[11842]: samba_dlz: allowing update of signer=dhcpduser\@HOME.LAN name=amazon-b550a4de2.HOME.LAN tcpaddr=127.0.0.1 type=A key=365897329.sig-samba.home.lan/160/0 Aug...

...p 3 20:49:38 dc01 dhcpd: execute_statement argv[3] = 1:84:a6:c8:3b:da:7b Sep 3 20:49:38 dc01 dhcpd: execute_statement argv[4] = ThinkPad Sep 3 20:49:39 dc01 named[29751]: samba_dlz: starting transaction on zone example.com Sep 3 20:49:39 dc01 named[29751]: samba_dlz: allowing update of signer=dhcpduser\@EXAMPLE.COM name=ThinkPad.example.com tcpaddr=127.0.0.1 type=A key=361144448.sig-dc01.example.com/160/0 Sep 3 20:49:39 dc01 named[29751]: samba_dlz: allowing update of signer=dhcpduser\@EXAMPLE.COM name=ThinkPad.example.com tcpaddr=127.0.0.1 type=A key=361144448.sig-dc01.example.com/160/0 Sep...

...dhcpd[21975]: execute_statement argv[2] = 192.168.0.120 > Aug 13 19:47:44 SAMBA dhcpd[21975]: execute_statement argv[3] = b0:6e:bf:5f:f1:46 > Aug 13 19:47:44 SAMBA dhcpd[21975]: execute_statement argv[4] = BUERO-PC > Aug 13 19:47:44 SAMBA named[19244]: samba_dlz: allowing update of signer=dhcpduser\@HOME.LAN name=BUERO-PC.HOME.LAN tcpaddr=127.0.0.1 type=A key=4202548530.sig-samba.home.lan/160/0 > Aug 13 19:47:44 SAMBA named[19244]: samba_dlz: allowing update of signer=dhcpduser\@HOME.LAN name=BUERO-PC.HOME.LAN tcpaddr=127.0.0.1 type=A key=4202548530.sig-samba.home.lan/160/0 > Aug 13 19:...

This is my named.conf options { directory "/var/cache/bind"; notify no; empty-zones-enable no; auth-nxdomain yes; listen-on-v6 { none; }; forwarders { 192.168.10.3; 10.0.0.3; }; allow-query { 127.0.0.1/32; 192.168.16.0/24; }; allow-recursion { 127.0.0.1/32;

...ort KRB5CCNAME="/tmp/dhcp-dyndns.cc" +if [ -f "$KRB5CCNAME" -a ! -r "$KRB5CCNAME" ] +then + echo "File krbcc ticket cache $KRB5CCNAME is not readable. Remove it with 'rm -f $KRB5CCNAME'" + exit 1 +fi + # Kerberos principal SETPRINCIPAL="dhcpduser@${REALM}" # Kerberos keytab @@ -43,13 +49,15 @@ fi # Check for Kerberos keytab -if [ ! -f /etc/dhcp/dhcpduser.keytab ]; then - echo "Required keytab /etc/dhcpduser.keytab not found, it needs to be created." +dhcpduser_keytab='/etc/samba/dhcpduser.keytab' +#dhcpduser_k...

How is the reversed domain handled, or is it not. Rowland, you did not have that in your sample you cobbled together. In /usr/share/samba/setup/named.conf there is: zone "123.168.192.in-addr.arpa" in { type master; file "123.168.192.in-addr.arpa.zone"; update-policy { grant ${REALM_WC} wildcard *.123.168.192.in-addr.arpa. PTR;

Hey Rowland, Below is a cutdown version of my DHCP. As you can see, I haven't really set anything up for ddns-update. While using Samba4's internal DNS I had the setting 'ddns-update-style interim;' and it seemed to have worked fine. But with bind I'm not sure what else is needed. Thanks for taking a look at it. Philip # # DHCP Server Configuration file. # see

...mber1 dhcpd: execute_statement argv[3] = 1:1c:65:9d:9d:e6:94 May 18 06:33:40 member1 dhcpd: execute_statement argv[4] = EAPDEV-PC May 18 06:33:40 member1 named[1980]: samba_dlz: starting transaction on zone samdom.example.com May 18 06:33:40 member1 named[1980]: samba_dlz: allowing update of signer=dhcpduser\@SAMDOM.EXAMPLE.COM name=EAPDEV-PC.samdom.example.com tcpaddr=127.0.0.1 type=A key=3578045150.sig-member1.samdom.example.com/160/0 May 18 06:33:40 member1 named[1980]: samba_dlz: allowing update of signer=dhcpduser\@SAMDOM.EXAMPLE.COM name=EAPDEV-PC.samdom.example.com tcpaddr=127.0.0.1 type=A key=3...