Author Topic: [SOLVED] Pre-Upgrade check 7.1.3 to 8.0 - possible issue in log /var/log/syslog  (Read 2548 times)

trvaa

  • Zen Apprentice
  • *
  • Posts: 32
  • Karma: +0/-0
    • View Profile
Checking the logs before upgrading from 7.1.3 to 8.0 the only entry I see that may be problematical is the following in /var/log/syslog

Aug 21 16:38:50 my-server sh[34182]: Required keytab /etc/dhcp/samba-keys/dhcpduser.keytab not found, it needs to be created.
Aug 21 16:38:50 my-server sh[34182]: Use the following commands as root
Aug 21 16:38:50 my-server sh[34182]: samba-tool domain exportkeytab --principal=dhcpduser@MYDOMAIN.LAN /etc/dhcp/samba-keys/dhcpduser.keytab
Aug 21 16:38:50 my-server sh[34182]: chown XXXX:XXXX /etc/dhcp/samba-keys/dhcpduser.keytab
Aug 21 16:38:50 my-server sh[34182]: Replace 'XXXX:XXXX' with the user & group that dhcpd runs as on your distro
Aug 21 16:38:50 my-server sh[34182]: chmod 400 /etc/dhcp/samba-keys/dhcpduser.keytab

The current system 7.1.3 appears to be functioning OK.

Does anyone know if this is spurious or does it need actioning?

Thanks
« Last Edit: August 23, 2024, 10:20:43 pm by trvaa »

trvaa

  • Zen Apprentice
  • *
  • Posts: 32
  • Karma: +0/-0
    • View Profile
Re: Pre-Upgrade check 7.1.3 to 8.0 - possible issue in log /var/log/syslog
« Reply #1 on: August 23, 2024, 01:15:24 pm »
OK it's Aug 23 12:09 and there are 141 views but no comment.

Could I ask in a slightly different way?

Could someone check if they have a /etc/dhcp/samba-keys/dhcpduser.keytab

ls -l /etc/dhcp/samba-keys/ should do it and indicate what XXXX:XXXX is - presumable root:dhcpd ?

Thanks

turalyon

  • Zen Warrior
  • ***
  • Posts: 204
  • Karma: +15/-0
    • View Profile
Re: Pre-Upgrade check 7.1.3 to 8.0 - possible issue in log /var/log/syslog
« Reply #2 on: August 23, 2024, 05:18:15 pm »
The special DHCP domain user (dhcpduser) is created by Zentyal when the Dynamic DHCP option is selected and the Domain Controller is enabled. Below you have two links with the configuration that Zentyal applies.

* https://github.com/zentyal/zentyal/blob/7.1/main/dhcp/src/EBox/DHCP.pm#L1162
* https://github.com/zentyal/zentyal/blob/7.1/main/dhcp/src/EBox/DHCP.pm#L1229

Also, note that in the log file /var/log/zentyal/zentyal.log you should have records like the following depending on your setup:

Code: [Select]
# If the domain user is present
Creating dhcpduser for dynamic dns DON'T NEED, ignore step

# If the domain user is created
Creating dhcpduser for dynamic dns



This world is ours, and by the Holy Light, we will keep it safe, now and forever.

trvaa

  • Zen Apprentice
  • *
  • Posts: 32
  • Karma: +0/-0
    • View Profile
Re: Pre-Upgrade check 7.1.3 to 8.0 - possible issue in log /var/log/syslog
« Reply #3 on: August 23, 2024, 05:48:21 pm »
thank you very much:

I have a dhcpuser and the  /var/log/zentyal/zentyal.log has:

 # If the domain user is present
Creating dhcpduser for dynamic dns DON'T NEED, ignore step

but I don't have:

/etc/dhcp/samba-keys/dhcpduser.keytab

I'm not sure why it was not created but it looks like I need to create it using the steps in the log

« Last Edit: August 23, 2024, 05:52:04 pm by trvaa »

trvaa

  • Zen Apprentice
  • *
  • Posts: 32
  • Karma: +0/-0
    • View Profile
Re: Pre-Upgrade check 7.1.3 to 8.0 - possible issue in log /var/log/syslog
« Reply #4 on: August 23, 2024, 06:50:13 pm »
However, on looking a bit further I do have:

/etc/dhcp/ddns-keys/keys

Which contains a secret key!

Is this for something else?

trvaa

  • Zen Apprentice
  • *
  • Posts: 32
  • Karma: +0/-0
    • View Profile
Re: Pre-Upgrade check 7.1.3 to 8.0 - possible issue in log /var/log/syslog
« Reply #5 on: August 23, 2024, 10:14:18 pm »
I have done the steps outlined in the first entry of this post and after un-enabling Dynamic DNS Options, then re-enabling all seems fine.

I can now reverse lookup IP addresses using nslookup.

There are now no errors in the logs.