Messages - turalyon

136
Directory and Authentication / Re: Dynamic DNS not working? DHCP
« on: March 14, 2022, 12:56:37 pm »
Hi,

It's the reverse zone update which produces the error.

Code:
Mar 13 10:05:45 apolo sh[1206]: + nsupdate -g -d
Mar 13 10:05:45 apolo sh[1206]: Sending update to 127.0.0.1#53
Mar 13 10:05:45 apolo sh[1206]: Outgoing update query:
Mar 13 10:05:45 apolo sh[1206]: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  38967
Mar 13 10:05:45 apolo sh[1206]: ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 2, ADDITIONAL: 1
Mar 13 10:05:45 apolo sh[1206]: ;; ZONE SECTION:
Mar 13 10:05:45 apolo sh[1206]: ;0.168.192.in-addr.arpa.#011#011IN#011SOA
Mar 13 10:05:45 apolo sh[1206]: ;; UPDATE SECTION:
Mar 13 10:05:45 apolo sh[1206]: 129.0.168.192.in-addr.arpa. 0#011ANY#011PTR
Mar 13 10:05:45 apolo sh[1206]: 129.0.168.192.in-addr.arpa. 3600 IN#011PTR#011computer0142.domain.local.
Mar 13 10:05:45 apolo sh[1206]: ;; TSIG PSEUDOSECTION:
Mar 13 10:05:45 apolo sh[1206]: domain.local.#011#0110#011ANY#011TSIG#011hmac-md5.sig-alg.reg.int. 1647183945 300 16 Ydfh3gHQ+6JpafevDI/ugw== 38967 NOERROR 0
Mar 13 10:05:45 apolo sh[1206]: Reply from update query:
Mar 13 10:05:45 apolo sh[1206]: ;; ->>HEADER<<- opcode: UPDATE, status: NOTAUTH, id:  38967
Mar 13 10:05:45 apolo sh[1206]: ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
Mar 13 10:05:45 apolo sh[1206]: ;; ZONE SECTION:
Mar 13 10:05:45 apolo sh[1206]: ;0.168.192.in-addr.arpa.#011#011IN#011SOA
Mar 13 10:05:45 apolo sh[1206]: ;; TSIG PSEUDOSECTION:
Mar 13 10:05:45 apolo sh[1206]: domain.local.#011#0110#011ANY#011TSIG#011hmac-md5.sig-alg.reg.int. 1647183945 300 16 bHQ2fl/tXHqapHt7WnY9Pg== 38967 NOERROR 0
Mar 13 10:05:45 apolo sh[1206]: + result2=2
Mar 13 10:05:45 apolo sh[1206]: + result=02
Mar 13 10:05:45 apolo sh[1206]: + '[' 02 '!=' 00 ']'
Mar 13 10:05:45 apolo sh[1206]: + logger 'DHCP-DNS Update failed: 02'

As you can see, the zone '0.168.192.in-addr.arpa.' is giving a non-zero exit code. So, it fails.

I did a quick test and it worked in my env. Below is all the trace in the log file '/var/log/syslog' when I configure the IP address of a Windows 7 computer as DHCP (this computer does not belong to the domain):

Code:
Mar 14 12:44:02 zentyal named[11380]: resolver priming query complete
Mar 14 12:44:04 zentyal dhcpd[11742]: DHCPDISCOVER from 08:00:27:12:b1:0f via eth1
Mar 14 12:44:05 zentyal dhcpd[11742]: DHCPOFFER on 192.168.62.50 to 08:00:27:12:b1:0f (w7cl01) via eth1
Mar 14 12:44:05 zentyal dhcpd[11742]: Commit: IP: 192.168.62.50 DHCID: 08:00:27:12:b1:0f Name: w7cl01
Mar 14 12:44:05 zentyal dhcpd[11742]: execute_statement argv[0] = /usr/share/zentyal-dhcp/dhcp-dyndns.sh
Mar 14 12:44:05 zentyal dhcpd[11742]: execute_statement argv[1] = add
Mar 14 12:44:05 zentyal dhcpd[11742]: execute_statement argv[2] = 192.168.62.50
Mar 14 12:44:05 zentyal dhcpd[11742]: execute_statement argv[3] = 08:00:27:12:b1:0f
Mar 14 12:44:05 zentyal dhcpd[11742]: execute_statement argv[4] = w7cl01
Mar 14 12:44:05 zentyal sh[11742]: ++ grep -v SBINDIR
Mar 14 12:44:05 zentyal sh[11742]: ++ grep BINDIR
Mar 14 12:44:05 zentyal sh[11742]: ++ awk '{print $NF}'
Mar 14 12:44:05 zentyal sh[11742]: ++ samba -b
Mar 14 12:44:05 zentyal sh[11742]: + BINDIR=/usr/bin
Mar 14 12:44:05 zentyal sh[11742]: + WBINFO=/usr/bin/wbinfo
Mar 14 12:44:05 zentyal sh[11742]: ++ hostname -d
Mar 14 12:44:05 zentyal sh[11742]: + domain=zentyal-domain.lan
Mar 14 12:44:05 zentyal sh[11742]: + '[' -z zentyal-domain.lan ']'
Mar 14 12:44:05 zentyal sh[11742]: ++ echo ZENTYAL-DOMAIN.LAN
Mar 14 12:44:05 zentyal sh[11742]: + REALM=ZENTYAL-DOMAIN.LAN
Mar 14 12:44:05 zentyal sh[11742]: + NSUPDFLAGS=-d
Mar 14 12:44:05 zentyal sh[11742]: + export KRB5CCNAME=/tmp/dhcp-dyndns.cc
Mar 14 12:44:05 zentyal sh[11742]: + KRB5CCNAME=/tmp/dhcp-dyndns.cc
Mar 14 12:44:05 zentyal sh[11742]: + SETPRINCIPAL=dhcpduser@ZENTYAL-DOMAIN.LAN
Mar 14 12:44:05 zentyal sh[11742]: ++ /usr/bin/wbinfo -u
Mar 14 12:44:05 zentyal sh[11742]: + TESTUSER='ZENTYAL-DOMAIN\administrator
Mar 14 12:44:05 zentyal sh[11742]: ZENTYAL-DOMAIN\guest
Mar 14 12:44:05 zentyal sh[11742]: ZENTYAL-DOMAIN\krbtgt
Mar 14 12:44:05 zentyal sh[11742]: ZENTYAL-DOMAIN\dns-zentyal
Mar 14 12:44:05 zentyal sh[11742]: ZENTYAL-DOMAIN\admindc
Mar 14 12:44:05 zentyal sh[11742]: ZENTYAL-DOMAIN\andrea
Mar 14 12:44:05 zentyal sh[11742]: ZENTYAL-DOMAIN\maria
Mar 14 12:44:05 zentyal sh[11742]: ZENTYAL-DOMAIN\abraham
Mar 14 12:44:05 zentyal sh[11742]: ZENTYAL-DOMAIN\zentyal-mail-zentyal
Mar 14 12:44:05 zentyal sh[11742]: ZENTYAL-DOMAIN\dhcpduser | grep '\''dhcpduser'\'')'
Mar 14 12:44:05 zentyal sh[11742]: + '[' -z 'ZENTYAL-DOMAIN\administrator
Mar 14 12:44:05 zentyal sh[11742]: ZENTYAL-DOMAIN\guest
Mar 14 12:44:05 zentyal sh[11742]: ZENTYAL-DOMAIN\krbtgt
Mar 14 12:44:05 zentyal sh[11742]: ZENTYAL-DOMAIN\dns-zentyal
Mar 14 12:44:05 zentyal sh[11742]: ZENTYAL-DOMAIN\admindc
Mar 14 12:44:05 zentyal sh[11742]: ZENTYAL-DOMAIN\andrea
Mar 14 12:44:05 zentyal sh[11742]: ZENTYAL-DOMAIN\maria
Mar 14 12:44:05 zentyal sh[11742]: ZENTYAL-DOMAIN\abraham
Mar 14 12:44:05 zentyal sh[11742]: ZENTYAL-DOMAIN\zentyal-mail-zentyal
Mar 14 12:44:05 zentyal sh[11742]: ZENTYAL-DOMAIN\dhcpduser | grep '\''dhcpduser'\'')' ']'
Mar 14 12:44:05 zentyal sh[11742]: + '[' '!' -f /etc/dhcp/samba-keys/dhcpduser.keytab ']'
Mar 14 12:44:05 zentyal sh[11742]: + action=add
Mar 14 12:44:05 zentyal sh[11742]: + ip=192.168.62.50
Mar 14 12:44:05 zentyal sh[11742]: + DHCID=08:00:27:12:b1:0f
Mar 14 12:44:05 zentyal sh[11742]: + name=w7cl01
Mar 14 12:44:05 zentyal sh[11742]: + '[' -z 192.168.62.50 ']'
Mar 14 12:44:05 zentyal sh[11742]: + '[' -z 08:00:27:12:b1:0f ']'
Mar 14 12:44:05 zentyal sh[11742]: + '[' w7cl01 = '' ']'
Mar 14 12:44:05 zentyal sh[11742]: ++ awk -F . '{print $4"."$3"."$2"."$1".in-addr.arpa"}'
Mar 14 12:44:05 zentyal sh[11742]: ++ echo 192.168.62.50
Mar 14 12:44:05 zentyal sh[11742]: + ptr=50.62.168.192.in-addr.arpa
Mar 14 12:44:05 zentyal sh[11742]: ++ awk -F . '{print $3"."$2"."$1".in-addr.arpa"}'
Mar 14 12:44:05 zentyal sh[11742]: ++ echo 192.168.62.50
Mar 14 12:44:05 zentyal sh[11742]: + rzone=62.168.192.in-addr.arpa
Mar 14 12:44:05 zentyal sh[11742]: ++ cut -d '"' -f 2
Mar 14 12:44:05 zentyal sh[11742]: ++ grep secret
Mar 14 12:44:05 zentyal sh[11742]: ++ grep -A 2 zentyal-domain.lan
Mar 14 12:44:05 zentyal sh[11742]: ++ cat /etc/dhcp/ddns-keys/keys
Mar 14 12:44:05 zentyal sh[11742]: + secret=a/cmVSVMYXAW7ERsbOuKag==
Mar 14 12:44:05 zentyal sh[11742]: + case "${action}" in
Mar 14 12:44:05 zentyal sh[11742]: + _KERBEROS
Mar 14 12:44:05 zentyal sh[11742]: ++ date '+%d-%m-%y %H:%M:%S'
Mar 14 12:44:05 zentyal sh[11742]: + test='14-03-22 12:44:05'
Mar 14 12:44:05 zentyal sh[11742]: + klist -c /tmp/dhcp-dyndns.cc -s
Mar 14 12:44:05 zentyal sh[11742]: + '[' 1 '!=' 0 ']'
Mar 14 12:44:05 zentyal sh[11742]: + logger '14-03-22 12:44:05 [dyndns] : Getting new ticket, old one has expired'
Mar 14 12:44:05 zentyal dhcpd: 14-03-22 12:44:05 [dyndns] : Getting new ticket, old one has expired
Mar 14 12:44:05 zentyal sh[11742]: + kinit -F -k -t /etc/dhcp/samba-keys/dhcpduser.keytab -c /tmp/dhcp-dyndns.cc dhcpduser@ZENTYAL-DOMAIN.LAN
Mar 14 12:44:05 zentyal sh[11742]: + '[' 0 '!=' 0 ']'
Mar 14 12:44:05 zentyal sh[11742]: + nsupdate -g -d
Mar 14 12:44:05 zentyal sh[11742]: Reply from SOA query:
Mar 14 12:44:05 zentyal sh[11742]: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id:  26802
Mar 14 12:44:05 zentyal sh[11742]: ;; flags: qr aa ra; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
Mar 14 12:44:05 zentyal sh[11742]: ;; QUESTION SECTION:
Mar 14 12:44:05 zentyal sh[11742]: ;w7cl01.zentyal-domain.lan.#011IN#011SOA
Mar 14 12:44:05 zentyal sh[11742]: ;; AUTHORITY SECTION:
Mar 14 12:44:05 zentyal sh[11742]: zentyal-domain.lan.#0110#011IN#011SOA#011zentyal.zentyal-domain.lan. hostmaster.zentyal-domain.lan. 29 900 600 86400 3600
Mar 14 12:44:05 zentyal sh[11742]: Found zone name: zentyal-domain.lan
Mar 14 12:44:05 zentyal sh[11742]: The master is: zentyal.zentyal-domain.lan
Mar 14 12:44:05 zentyal sh[11742]: start_gssrequest
Mar 14 12:44:05 zentyal sh[11742]: send_gssrequest
Mar 14 12:44:05 zentyal sh[11742]: Outgoing update query:
Mar 14 12:44:05 zentyal sh[11742]: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:  56665
Mar 14 12:44:05 zentyal sh[11742]: ;; flags:; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
Mar 14 12:44:05 zentyal sh[11742]: ;; QUESTION SECTION:
Mar 14 12:44:05 zentyal sh[11742]: ;1967011370.sig-zentyal.zentyal-domain.lan. ANY TKEY
Mar 14 12:44:05 zentyal sh[11742]: ;; ADDITIONAL SECTION:
Mar 14 12:44:05 zentyal sh[11742]: 1967011370.sig-zentyal.zentyal-domain.lan. 0 ANY TKEY gss-tsig. 1647258245 1647258245 3 NOERROR 1419 YIIFhwYJKoZIhvcSAQICAQBuggV2MIIFcqADAgEFoQMCAQ6iBwMFACAA AACjggRiYYIEXjCCBFqgAwIBBaEUGxJaRU5UWUFMLURPTUFJTi5MQU6i LDAqoAMCAQGhIzAhGwNETlMbGnplbnR5YWwuemVudHlhbC1kb21haW4u bGFuo4IEDTCCBAmgAwIBF6EDAgEBooID+wSCA/dwET6+L0kL0k9cF1GL BTpZI72uSU0MD7vQBgAK/l6Vj0bqVf+i+o93MbT7KwGeKJx3EeLNb6Nn nFGlUzvSdlDlqixC+ygOaQdX1AgWl/kpSK+iMRrMVJh8lHSamNQxmkPv spqXaOzDNhl3Z2C0Xkd3XDRB5dquEWDCNx7rAZHS/ivewsh5txHJQj++ 7u6/jMf0a/Ph/BYCtbm9pzUgSswp877GLMQEqHX/QEUqRwMZQYL7qagi pLdDIQP6bWbzKurF3FnlE1ARrp7jYY5I6W9EjbfHG7odA865vunr957A DrRG8+A1oHT73iC+Lx9WMtRG7Ml6VVUL16Jv6sXfBLohOBySY/Xwt3rs 0kI+sqstZDaRabb560DIWpF1sA73uDwRRHRsdKU0yBW858nL3s+t0HM6 U++kYIxvUgm0GK+wROEvOm4+rKkePkLcyPMgIW+QxKQhjBrC4ehtjgwv BSP6Xtp+RgVhMHlK0ZAntq69yRuaHuCAwVkBF9mrrmNynrFxL02OHa1z 7OtbIknPeh7GzHuIhzyh4KQ6Y+9+916WTeVx2hTrPTtsS3uwbdT/1IZH zwFTdX7S2YK+XqIcjBYo6VLa+n62GDUpDjXNJ47L32J/6+Jt+YfJEW78 3o2HT6gp6wrsdKU/KDUreRQ/BBgoZwvB+Ox742F97H2nvSXnYMB0cLq+ /zWKW+EFFf0lOu/Jo05vpyYXbkX7dTGKIJJd450jVLA01MWHvTllakPK e1huAey1gRsFo9A1dE0YP2PxbNamNndl6UaXq2athSTFRQwB/n/MZSdD +rQGp9XQosIQnUWlTytZORGYdGGDoKtmQI/DIEwK7gipI430pT4nMlld PMeOmKj9LBuUGML4LZ+Um3JZUZnpQ6zEvf8afn98yyiCcgdztaWZA4jt o8LejY8vTFJdnGyn1h8yTH/rnd2x24bJZl/an7nTQ4QpsVfVhFbhlLwR E6/LAi1lQqCBml6I+pY3+FaT6/ZKhm1AjU8TD04gVCk7uVzCgu6Q2I4v CJpJ3f9IDW3jbl5S1/7rVxQ+laPzIoVHFtLdSh166mBwngx9LGpL5mMP yqQXi3c/R6XQvObRNJ13tH9PR9nL7PlvEj/vY53qKqnSAn3XuZWx3wOD zNPb+ktQoySukT+MGyQQEyGSzdrtsFBRw60eQJ9kuMuS/FefkxLOuw9x 14K8sgFpCeFmOy9W0PIa5hp6SioW6LswLPvJfUolQqw+4IX5eWbmMvSL gTSZOlHxIdVaSiHG62Ug8CRVOPUstKC1wdtTsm3kDOnkZI01eoq4i66J FSb2cUjSB1ZvUCIyoy1EKdePtG9MmEuK3d6zhH1th4WR8g8xpIH2MIHz oAMCAReigesEgeglf7GulAEd9V2ZFXgvUIrKwhQ8+rVoDPOCFGK4+pv3 IrXHOdIWS8/m9FE6bpcqwM7GyREaSznYHLHIB8rkPkMoibZyw5hSIKaJ sNiZlGZkY4liNAHNhf1wBU1T6b/Brv5kl/Tw+lyjctf8naoyvCZYFu1R +bylEri3/28Av11kpK9y2OHs8qYbz21o0oX+Vw4NwMcJJ6VrBaHTUCC7 
kD2r9Me3yMUTCsjtcapUeBiJACp70KG2DcWoFx/bh/uCdDn8I0MfSc0b jvXJdWcvZ3lQCiX8lsFkSwm+y+Z6SIEgmq+6V8psNUIk 0
Mar 14 12:44:05 zentyal sh[11742]: recvmsg reply from GSS-TSIG query
Mar 14 12:44:05 zentyal sh[11742]: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:  56665
Mar 14 12:44:05 zentyal sh[11742]: ;; flags: qr ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
Mar 14 12:44:05 zentyal sh[11742]: ;; QUESTION SECTION:
Mar 14 12:44:05 zentyal sh[11742]: ;1967011370.sig-zentyal.zentyal-domain.lan. ANY TKEY
Mar 14 12:44:05 zentyal sh[11742]: ;; ANSWER SECTION:
Mar 14 12:44:05 zentyal sh[11742]: 1967011370.sig-zentyal.zentyal-domain.lan. 0 ANY TKEY gss-tsig. 1647258245 1647261845 3 NOERROR 152 YIGVBgkqhkiG9xIBAgICAG+BhTCBgqADAgEFoQMCAQ+idjB0oAMCARei bQRrKon8O+IwDTFYnKLrR7FzRyICLBwhYN1GzQSGcge4yFAW6UuYjh2g 03lxTpka6F5C44MhKXSNJSP7PwmOuATVjYASqeMbXkMSyP8B4h9uJTlB 3tGZYcEUKy8cxL4Qi+lplFrsNqajpsX92as= 0
Mar 14 12:44:05 zentyal sh[11742]: Sending update to 127.0.0.1#53
Mar 14 12:44:05 zentyal sh[11742]: Outgoing update query:
Mar 14 12:44:05 zentyal sh[11742]: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:   7101
Mar 14 12:44:05 zentyal sh[11742]: ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 2, ADDITIONAL: 1
Mar 14 12:44:05 zentyal sh[11742]: ;; UPDATE SECTION:
Mar 14 12:44:05 zentyal sh[11742]: w7cl01.zentyal-domain.lan. 0#011ANY#011A
Mar 14 12:44:05 zentyal sh[11742]: w7cl01.zentyal-domain.lan. 3600#011IN#011A#011192.168.62.50
Mar 14 12:44:05 zentyal sh[11742]: ;; TSIG PSEUDOSECTION:
Mar 14 12:44:05 zentyal sh[11742]: 1967011370.sig-zentyal.zentyal-domain.lan. 0 ANY TSIG gss-tsig. 1647258245 300 28 BAQE//////8AAAAAFXp/7B58xb5O9MHTGJqrQw== 7101 NOERROR 0
Mar 14 12:44:05 zentyal named[11380]: samba_dlz: starting transaction on zone zentyal-domain.lan
Mar 14 12:44:05 zentyal named[11380]: samba_dlz: allowing update of signer=dhcpduser\@ZENTYAL-DOMAIN.LAN name=w7cl01.zentyal-domain.lan tcpaddr=127.0.0.1 type=A key=1967011370.sig-zentyal.zentyal-domain.lan/160/0
Mar 14 12:44:05 zentyal named[11380]: samba_dlz: allowing update of signer=dhcpduser\@ZENTYAL-DOMAIN.LAN name=w7cl01.zentyal-domain.lan tcpaddr=127.0.0.1 type=A key=1967011370.sig-zentyal.zentyal-domain.lan/160/0
Mar 14 12:44:05 zentyal named[11380]: client @0x7f2ce513b740 127.0.0.1#41943/key dhcpduser\@ZENTYAL-DOMAIN.LAN: updating zone 'zentyal-domain.lan/NONE': deleting rrset at 'w7cl01.zentyal-domain.lan' A
Mar 14 12:44:05 zentyal named[11380]: client @0x7f2ce513b740 127.0.0.1#41943/key dhcpduser\@ZENTYAL-DOMAIN.LAN: updating zone 'zentyal-domain.lan/NONE': adding an RR at 'w7cl01.zentyal-domain.lan' A 192.168.62.50
Mar 14 12:44:05 zentyal named[11380]: samba_dlz: added rdataset w7cl01.zentyal-domain.lan 'w7cl01.zentyal-domain.lan.#0113600#011IN#011A#011192.168.62.50'
Mar 14 12:44:05 zentyal named[11380]: samba_dlz: subtracted rdataset zentyal-domain.lan 'zentyal-domain.lan.#0113600#011IN#011SOA#011zentyal.zentyal-domain.lan. hostmaster.zentyal-domain.lan. 29 900 600 86400 3600'
Mar 14 12:44:05 zentyal named[11380]: samba_dlz: added rdataset zentyal-domain.lan 'zentyal-domain.lan.#0113600#011IN#011SOA#011zentyal.zentyal-domain.lan. hostmaster.zentyal-domain.lan. 30 900 600 86400 3600'
Mar 14 12:44:05 zentyal named[11380]: samba_dlz: committed transaction on zone zentyal-domain.lan
Mar 14 12:44:05 zentyal sh[11742]: Reply from update query:
Mar 14 12:44:05 zentyal sh[11742]: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:   7101
Mar 14 12:44:05 zentyal sh[11742]: ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
Mar 14 12:44:05 zentyal sh[11742]: ;; ZONE SECTION:
Mar 14 12:44:05 zentyal sh[11742]: ;zentyal-domain.lan.#011#011IN#011SOA
Mar 14 12:44:05 zentyal sh[11742]: ;; TSIG PSEUDOSECTION:
Mar 14 12:44:05 zentyal sh[11742]: 1967011370.sig-zentyal.zentyal-domain.lan. 0 ANY TSIG gss-tsig. 1647258245 300 28 BAQF//////8AAAAADUVZ+FPqG82uAV/BPt0bTw== 7101 NOERROR 0
Mar 14 12:44:05 zentyal sh[11742]: + result1=0
Mar 14 12:44:05 zentyal sh[11742]: + nsupdate -g -d
Mar 14 12:44:05 zentyal sh[11742]: Sending update to 127.0.0.1#53
Mar 14 12:44:05 zentyal named[11380]: client @0x7f2ce523cf60 127.0.0.1#58713/key zentyal-domain.lan: updating zone '62.168.192.in-addr.arpa/IN': deleting rrset at '50.62.168.192.in-addr.arpa' PTR
Mar 14 12:44:05 zentyal named[11380]: client @0x7f2ce523cf60 127.0.0.1#58713/key zentyal-domain.lan: updating zone '62.168.192.in-addr.arpa/IN': adding an RR at '50.62.168.192.in-addr.arpa' PTR w7cl01.zentyal-domain.lan.
Mar 14 12:44:05 zentyal sh[11742]: Outgoing update query:
Mar 14 12:44:05 zentyal sh[11742]: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  64981
Mar 14 12:44:05 zentyal sh[11742]: ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 2, ADDITIONAL: 1
Mar 14 12:44:05 zentyal sh[11742]: ;; ZONE SECTION:
Mar 14 12:44:05 zentyal sh[11742]: ;62.168.192.in-addr.arpa.#011IN#011SOA
Mar 14 12:44:05 zentyal sh[11742]: ;; UPDATE SECTION:
Mar 14 12:44:05 zentyal sh[11742]: 50.62.168.192.in-addr.arpa. 0#011ANY#011PTR
Mar 14 12:44:05 zentyal sh[11742]: 50.62.168.192.in-addr.arpa. 3600 IN#011PTR#011w7cl01.zentyal-domain.lan.
Mar 14 12:44:05 zentyal sh[11742]: ;; TSIG PSEUDOSECTION:
Mar 14 12:44:05 zentyal sh[11742]: zentyal-domain.lan.#0110#011ANY#011TSIG#011hmac-md5.sig-alg.reg.int. 1647258245 300 16 TZKwChtckcx1L4PVqS8hzA== 64981 NOERROR 0
Mar 14 12:44:05 zentyal sh[11742]: Reply from update query:
Mar 14 12:44:05 zentyal sh[11742]: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  64981
Mar 14 12:44:05 zentyal sh[11742]: ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
Mar 14 12:44:05 zentyal sh[11742]: ;; ZONE SECTION:
Mar 14 12:44:05 zentyal sh[11742]: ;62.168.192.in-addr.arpa.#011IN#011SOA
Mar 14 12:44:05 zentyal sh[11742]: ;; TSIG PSEUDOSECTION:
Mar 14 12:44:05 zentyal sh[11742]: zentyal-domain.lan.#0110#011ANY#011TSIG#011hmac-md5.sig-alg.reg.int. 1647258245 300 16 RRXEWnCVhJp+0KtGq9lIjA== 64981 NOERROR 0
Mar 14 12:44:05 zentyal sh[11742]: + result2=0
Mar 14 12:44:05 zentyal sh[11742]: + result=00
Mar 14 12:44:05 zentyal sh[11742]: + '[' 00 '!=' 00 ']'
Mar 14 12:44:05 zentyal sh[11742]: + logger 'DHCP-DNS Update succeeded'
Mar 14 12:44:05 zentyal dhcpd: DHCP-DNS Update succeeded
Mar 14 12:44:05 zentyal sh[11742]: + exit 00
Mar 14 12:44:05 zentyal dhcpd[11742]: DHCPREQUEST for 192.168.62.50 (192.168.62.1) from 08:00:27:12:b1:0f (w7cl01) via eth1
Mar 14 12:44:05 zentyal dhcpd[11742]: DHCPACK on 192.168.62.50 to 08:00:27:12:b1:0f (w7cl01) via eth1

And then, I checked the zone through Samba and the computer (w7cl01) was added correctly:

Code:
samba-tool dns query 127.0.0.1 zentyal-domain.lan @ ALL -Uadmindc

GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:127.0.0.1[,sign]
Cannot do GSSAPI to an IP address
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
Password for [ZENTYAL-DOMAIN\admindc]:
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
  Name=, Records=3, Children=0
    SOA: serial=30, refresh=900, retry=600, expire=86400, minttl=3600, ns=zentyal.zentyal-domain.lan., email=hostmaster.zentyal-domain.lan. (flags=600000f0, serial=29, ttl=3600)
    NS: zentyal.zentyal-domain.lan. (flags=600000f0, serial=29, ttl=259200)
    A: 192.168.62.1 (flags=600000f0, serial=29, ttl=259200)
  Name=_kerberos, Records=1, Children=0
    TXT: "zentyal-domain.lan" (flags=f0, serial=5, ttl=259200)
  Name=_msdcs, Records=0, Children=0
  Name=_sites, Records=0, Children=1
  Name=_tcp, Records=0, Children=5
  Name=_udp, Records=0, Children=3
  Name=DomainDnsZones, Records=0, Children=2
  Name=ForestDnsZones, Records=0, Children=2
  Name=shares, Records=1, Children=0
    CNAME: zentyal.zentyal-domain.lan. (flags=f0, serial=28, ttl=259200)
  Name=w7cl01, Records=1, Children=0
    A: 192.168.62.50 (flags=f0, serial=29, ttl=3600)
  Name=zentyal, Records=1, Children=0
    A: 192.168.62.1 (flags=f0, serial=28, ttl=259200)

I recommend that you compare all the information from my test env with yours.

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
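
An added example (not part of the original post or of Zentyal's scripts): a Python parser for the `set -x` / `nsupdate -d` syslog trace shown above that pairs each "Reply from update query" block with its zone, rcode and TSIG error, so the failing update is read from the server's reply and not from the outgoing query header, which always shows NOERROR. The sample log is constructed in the same layout with placeholder MAC values, and the function names are hypothetical.

```python
import re

# Constructed sample in the syslog + `nsupdate -d` layout of the trace above.
# rsyslog writes a tab as "#011"; MAC values are placeholders.
SAMPLE_LOG = """\
Mar 13 10:05:45 apolo sh[1206]: Reply from update query:
Mar 13 10:05:45 apolo sh[1206]: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:   7101
Mar 13 10:05:45 apolo sh[1206]: ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
Mar 13 10:05:45 apolo sh[1206]: ;; ZONE SECTION:
Mar 13 10:05:45 apolo sh[1206]: ;domain.local.#011#011IN#011SOA
Mar 13 10:05:45 apolo sh[1206]: ;; TSIG PSEUDOSECTION:
Mar 13 10:05:45 apolo sh[1206]: 1234.sig-apolo.domain.local. 0 ANY TSIG gss-tsig. 1647183945 300 28 AAAAAAAA 7101 NOERROR 0
Mar 13 10:05:45 apolo sh[1206]: + result1=0
Mar 13 10:05:45 apolo sh[1206]: + nsupdate -g -d
Mar 13 10:05:45 apolo sh[1206]: Sending update to 127.0.0.1#53
Mar 13 10:05:45 apolo sh[1206]: Outgoing update query:
Mar 13 10:05:45 apolo sh[1206]: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  38967
Mar 13 10:05:45 apolo sh[1206]: ;; ZONE SECTION:
Mar 13 10:05:45 apolo sh[1206]: ;0.168.192.in-addr.arpa.#011#011IN#011SOA
Mar 13 10:05:45 apolo sh[1206]: Reply from update query:
Mar 13 10:05:45 apolo named[900]: constructed interleaved line from another daemon
Mar 13 10:05:45 apolo sh[1206]: ;; ->>HEADER<<- opcode: UPDATE, status: NOTAUTH, id:  38967
Mar 13 10:05:45 apolo sh[1206]: ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
Mar 13 10:05:45 apolo sh[1206]: ;; ZONE SECTION:
Mar 13 10:05:45 apolo sh[1206]: ;0.168.192.in-addr.arpa.#011#011IN#011SOA
Mar 13 10:05:45 apolo sh[1206]: ;; TSIG PSEUDOSECTION:
Mar 13 10:05:45 apolo sh[1206]: domain.local.#011#0110#011ANY#011TSIG#011hmac-md5.sig-alg.reg.int. 1647183945 300 16 BBBBBBBB 38967 NOERROR 0
Mar 13 10:05:45 apolo sh[1206]: + result2=2
"""

# "Mon DD HH:MM:SS host tag[pid]: message"
LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ (?P<tag>[^\s:\[]+)(?:\[\d+\])?: (?P<msg>.*)$")
STATUS = re.compile(r"opcode: UPDATE, status: (\w+)")


def parse_update_replies(log_text, tag="sh"):
    """Return one dict per 'Reply from update query' block logged by `tag`."""
    replies, cur, section = [], None, None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m or m.group("tag") != tag:
            continue  # lines from named/dhcpd are interleaved with the trace
        msg = m.group("msg").replace("#011", "\t").strip()
        if msg == "Reply from update query:":
            cur = {"zone": None, "rcode": None, "alg": None, "tsig_error": None}
            replies.append(cur)
            section = None
            continue
        if cur is None:
            continue  # outgoing query or shell trace: not a server reply
        if msg.startswith("+") or msg.endswith("query:") or msg.startswith("Sending update"):
            cur = None  # the reply block has ended
        elif msg.startswith(";; ->>HEADER<<-"):
            found = STATUS.search(msg)
            if found:
                cur["rcode"] = found.group(1)
        elif msg.startswith(";; ") and msg.endswith("SECTION:"):
            section = msg[3:-1]
        elif section == "ZONE SECTION" and msg.startswith(";"):
            cur["zone"] = msg.lstrip(";").split()[0].rstrip(".")
        elif section == "TSIG PSEUDOSECTION" and msg:
            fields = msg.split()
            # name ttl class TSIG alg time fudge maclen mac origid error otherlen
            if len(fields) >= 12 and fields[3] == "TSIG":
                cur["alg"] = fields[4].rstrip(".")
                cur["tsig_error"] = fields[-2]
    return replies


def diagnose(reply):
    """Classify a reply. NOTAUTH has two meanings: RFC 2136 uses it when the
    server is not authoritative for the zone; a rejected TSIG signature also
    returns NOTAUTH but sets the TSIG error to BADSIG, BADKEY or BADTIME."""
    if reply["rcode"] == "NOERROR":
        return "ok"
    if reply["rcode"] == "NOTAUTH":
        if reply["tsig_error"] in ("BADSIG", "BADKEY", "BADTIME"):
            return "tsig-rejected"
        return "not-authoritative-for-zone"
    return "failed"


def failed_updates(log_text):
    """(zone, rcode, diagnosis) for every update the server did not accept."""
    return [(r["zone"], r["rcode"], diagnose(r))
            for r in parse_update_replies(log_text) if diagnose(r) != "ok"]


if __name__ == "__main__":
    for zone, rcode, why in failed_updates(SAMPLE_LOG):
        print(f"{zone}: {rcode} ({why})")
```
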

137
Directory and Authentication / Re: Dynamic DNS not working? DHCP
« on: March 11, 2022, 12:36:49 pm »
Hi,

To confirm if the issue is caused by AppArmor, you can run the following command:

Code:
sudo egrep -i apparmor /var/log/syslog

Also, you can add 'set -x' in the second line of the script (/usr/share/zentyal-dhcp/dhcp-dyndns.sh) in order to enable the debug mode. Then, you can check the log files again and check what commands are failing (probably, you will need to restart the DHCP or DC module).

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".

138
Spanish / Re: Zentyal 7 does not load the Dashboard after updating.
« on: March 08, 2022, 10:54:26 am »
Hi, I installed Zentyal 7 and did the basic configuration as primary domain controller, DNS, and mail server. After that I noticed that I was not receiving mail from accounts external to the server; the logs on my server said that it could not find the user in LDAP. So I proceeded to update the server. After updating, and without configuring anything else, it now receives mail from external accounts, but now when I enter the username and password to log in to the Dashboard it hangs and never finishes loading it. If you could help me. Thanks.

Have you checked whether the server has enough resources?

Code:
htop
df -h

Did you try temporarily stopping and then starting the Webadmin module again?

Code:
sudo zs webadmin stop
sudo zs webadmin start

Regards.

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".

139
Hi,

In case you still have the issue, below you have the workaround developed by Zentyal for Radius module during the upgrade:

* https://github.com/zentyal/zentyal/blob/support/6.2/main/core/src/scripts/release-upgrade#L219

Also, there is a link in the documentation that explains some common issues that could occur after the upgrade:

* https://doc.zentyal.org/en/upgrade.html#troubleshooting

Regarding the message 'FATAL: Could not connect to samba LDAP server: connect: Permission denied', you need to analyse the following log files in order to identify the location of that 'permission denied'.

* /var/log/zentyal/zentyal.log
* /var/log/syslog
* /var/log/samba/samba.log

Finally, you must check if Ubuntu was upgraded and also, if some of the Zentyal modules too. Below you have the commands that you must run:

Code:
## To see if Ubuntu was upgraded
lsb_release -a

## To get the version of each module
dpkg -l | egrep 'zen(buntu|tyal)-'

## To get the packages that are not correctly installed or held
dpkg -l | egrep -v '^ii'

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".

140
Hi,

There is no difference between how GPOs are created and managed on a Windows server and on a Zentyal server. So, you just need to figure out how that task is done on a Windows server.

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".

141
Other modules / Re: Error after RNDC Reload
« on: February 04, 2022, 10:51:10 am »
Hi,

If I were you, I would do the following:

1. Check the owner of the FSMO roles:

Code:
sudo samba-tool fsmo show

2. Ensure that there is connection between the owner of the FSMO roles and your Zentyal server.

Code:
ping ns1.indomaret.group

3. If your Zentyal server does not own the FSMO roles, make sure that the Domain controller that owns them is working correctly, and also, check that there is not any firewall rule that could be blocking Samba's ports.

* https://wiki.samba.org/index.php/Samba_AD_DC_Port_Usage

4. Fix the issues with the internal database of Samba:

Code:
sudo samba-tool dbcheck --fix --yes

5. Make a mark in the important log files:

Code:
for i in /var/log/zentyal/zentyal.log /var/log/syslog /var/log/samba/samba.log; do echo "#### DEBUGGING" | sudo tee -a $i; done

6. Through Zentyal GUI, disable the modules: Domain Controller and DNS.

7. Through Zentyal GUI, enable DNS module, save changes, check its status and analyze the log files from step 5.

8. Do the same but with Domain Controller module.

NOTE:
The above steps could cause a system failure, especially from step 4, so, make sure that you have a backup of your Zentyal server.

Hope it helps you.

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".

142
Other modules / Re: Error after RNDC Reload
« on: February 03, 2022, 10:46:19 am »
Hi,

According to the log file, your Domain Controller module cannot contact the server that has the FSMO roles (ns1.indomaret.group). You should check that.

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".

143
Other modules / Re: Error after RNDC Reload
« on: January 28, 2022, 11:52:55 am »
Hi,

Did you check which errors you get in the following log files?

* /var/log/zentyal/zentyal.log
* /var/log/syslog

Also, did you check if the internal database of Samba has errors?

Code:
sudo samba-tool dbcheck --cross-ncs

Below you have more information about 'dbcheck' subcommand.

* https://wiki.samba.org/index.php/Dbcheck

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".

144
Installation and Upgrades / Re: Error output: kinit: Password incorrect
« on: January 28, 2022, 11:49:14 am »
Hi,

You could try to rebuild the user, below you have the link to do it, just remember to have a backup of your Zentyal server.

* https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End#Reconfiguring_the_BIND9_DLZ_Back_End

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".

145
Hi Alxndr,

The special DNS user is always called 'dns-hostname_of_the_machine'. In your case, it is 'dns-largo' as you can see.

You have 4702 errors from 5041 objects, which are a lot of errors. Probably those errors are the cause of your issue during the join. Before running the command (samba-tool dbcheck --cross-ncs --fix --yes) to try to fix them, make sure to have a backup of your Zentyal server. And after the fixes, do several tests to confirm that the domain controller is stable.

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".

146
Hi,

I recommend you to do the following in order to try to join the Zentyal 7 as ADC of Zentyal 5.0 DC:

1. Check that there is not any record about Zentyal 7.0 after the attempt in your domain.

Code:
## To see if a DNS user was created for Zentyal 7
ldbsearch -H /var/lib/samba/private/sam.ldb sAMAccountName='dns-zen7adc'

2. Check the status of your Zentyal 5.0 server, you should download the following script and run it in your Zentyal. The most important part in your case is the function called 'dc_check'.

   * https://github.com/zentyal/zentyal/blob/master/main/core/src/scripts/smart-admin-report

3. Check that the domain users 'krbtgt' and 'Guest' are located in the original location, which is 'Users' container. Below is an example:

Code:
ldbsearch -H /var/lib/samba/private/sam.ldb sAMAccountName='krbtgt' dn

  dn: CN=krbtgt,CN=Users,DC=zentyal-domain,DC=lan

ldbsearch -H /var/lib/samba/private/sam.ldb sAMAccountName='Guest' dn

  dn: CN=Guest,CN=Users,DC=zentyal-domain,DC=lan

NOTE: As you can see, both domain users are located at the container (CN) 'Users'.

A few times I saw errors during the join caused mainly by:

1. Errors in the internal database of Samba, which you will be able to see if you run the script from step 2. You can get more information below:

* https://wiki.samba.org/index.php/Dbcheck

2. When the user 'krbtgt' was moved to other location (step 3).

Finally, in case you cannot join the Zentyal 7 as ADC, you could try to do a migration using the feature 'Import and export', in your case, you will need to download the script from the repository.

* https://doc.zentyal.org/en/directory.html#importing-and-exporting-users-and-groups
* (groups-export.pl, groups-import.pl, users-export.pl and users-import.pl) https://github.com/zentyal/zentyal/tree/master/main/samba/src/scripts

Hope it helps you.

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".

147
Other modules / Re: Zentyal 7.0 DHCP error
« on: January 18, 2022, 04:41:32 pm »
Hi,

First of all, you need to check the status of the package 'zentyal-dhcp':

Code:
sudo dpkg -l zentyal-dhcp

Then, I recommend you to check if there is any other package that is broken:

Code:
sudo dpkg -l | egrep -v '^ii'

In case you have any broken package, you can try to fix them with the following command:

Code:
sudo dpkg --configure -a

If the issue persists, then, analyze the following log files in order to get any information about the error:

* /var/log/zentyal/zentyal.log
* /var/log/syslog
* /var/log/dpkg.log
* /var/log/apt/

Also, you should check the disk space:

Code:
df -h

Furthermore, you should take a look at AppArmor, perhaps it is causing you the issue with this module.

Code:
sudo systemctl status apparmor

Hope it helps.

--

“This world is ours, and by the Holy Light we will keep it safe, now and forever"

148
Hi,

The GPO must be created through RSAT tools. So, you need to use a Windows computer logged in the domain with an administrator user to create that policy.

NOTE: Don't forget to add the domain groups in the 'delegation' tab:

* domain users
* domain computers

--

“This world is ours, and by the Holy Light we will keep it safe, now and forever"

149
1.  Open the web GUI for your Zentyal server in Firefox (not IE or Edge or Chrome or Opera or any other browser, just Firefox)
2.  Browse to Users and Computers > Manage
3.  Select the PC in question by clicking on it once with the mouse
4.  Click on the trash can icon at the bottom of the users and computers window
5.  If prompted to make sure - choose OK or Yes or Just Do It
6.  Look at the top right corner of the screen, if it says "Save Changes" then click on it and then click on the Save button.
DONE - easy peasy lemon squeezy


Hi All, I know it's been a while since the last post, but I have just tried to delete a PC from Zentyal 7.0.4 following these instructions, but the trash can icon is indeed not available "Greyed Out"

Hi,

That action must be done via CLI or through RSAT. Below you have two methods to remove a domain computer called 'W7CL01' from Zentyal itself via CLI:

Code:
# Option 1
sudo pdbedit -x -m W7CL01

# Option 2
sudo ldbdel -v -H /var/lib/samba/private/sam.ldb CN=W7CL01,CN=Computers,DC=lab5,DC=lan

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".

150
Directory and Authentication / Re: Changing .local to .com Domain
« on: January 03, 2022, 11:17:08 am »
Hi,

The GPOs will be removed as well. So, you will need to make a backup of those GPOs.

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
