Dear forum,
I'm setting up samba as an ADDC. A lot of things are already up and running ;-) I'm following a mixture of "Samba 4" Handbook from Stefan Kania, ArchWiki and GentooWiki. Right now I'm in trouble with updating the dns server dynamically, if a windows client connects using dhcp. The script I've copied and modified is from https://aur.archlinux.org/packages/samba-dhcpd-update/. Calling it manually as user root, I can add and remove my entries to the dns server. If it is called from isc-dhcp-daemon, it fails because the dhcpd-daemon is running under user dhcp. The script checks for a valid TGT-ticket, but it fails. Here is the output:
Quote:
klist: krb5_cc_get_principal: get-principal open(/tmp/krb5cc_0): Permission denied
The script calls klist like this
Quote:
klist -v -c /tmp/krb5cc_0 -t
I've been following the guide from https://wiki.archlinux.org/index.php/Sa … oller#NTPD, section "DHCP with dynamic DNS updates".
How can I solve this dhcp-user/root-user issue with kerberos ..... ?
Many thanks and have fun,
blubberbaer
UPS: I should mention that I'm using the internal samba dns. I have to admit that I'm running gentoo. Hope you don't mind ;-)
Dear forum,
I've made a little step forward:
I've changed the execute lines in dhcpd.conf to:
CODE:
execute("/usr/bin/sudo","/usr/local/sbin/samba/dhcpd-update-samba-dns.sh", "add", ClientIP, ClientName);
allowing the user dhcp with sudo to execute the script as root. This helps with the permission problem for kerberos. Don't know though if this is smart.
Running into a different problem now. Releasing a dhcp lease gives me the following error:
CODE:
Feb 4 19:37:10 clumsy dhcpd[9779]: data: host_decl_name: not available
Feb 4 19:37:10 clumsy dhcpd[9779]: execute_statement argv[0] = /usr/bin/sudo
Feb 4 19:37:10 clumsy dhcpd[9779]: execute_statement argv[1] = /usr/local/sbin/samba/dhcpd-update-samba-dns.sh
Feb 4 19:37:10 clumsy dhcpd[9779]: execute_statement argv[2] = delete
Feb 4 19:37:10 clumsy dhcpd[9779]: execute_statement argv[3] = 10.20.40.100
Feb 4 19:37:10 clumsy dhcpd[9779]: execute: bad arg 4
and dhcpd-update-samba-dns.sh is not executed.
My dhcp.conf file for the release section contains:
on release {
    set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
    set ClientName = pick-first-value(option host-name, host-decl-name);
    execute("/usr/bin/sudo","/usr/local/sbin/samba/dhcpd-update-samba-dns.sh", "delete", ClientIP, ClientName);
}
Thanks again,
blubberbaer
Another one. Might be solved now:
My dhcpd.conf looks like this:
subnet 10.20.40.0 netmask 255.255.255.0 {
    range 10.20.40.100 10.20.40.199;
    option subnet-mask 255.255.255.0;
    option routers 10.20.40.254;
    option domain-name "xxx.xxxx";
    option domain-name-servers 10.20.40.254;
    option broadcast-address 10.20.40.255;
    default-lease-time 120;
    max-lease-time 120;
    authoritative;
    on commit {
        set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
        set ClientName = pick-first-value(option host-name, host-decl-name);
        execute("/usr/bin/sudo","/usr/local/sbin/samba/dhcpd-update-samba-dns.sh", "add", ClientIP, ClientName);
    }
    on release {
        set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
        #set ClientName = pick-first-value(option host-name, host-decl-name);
        execute("/usr/bin/sudo","/usr/local/sbin/samba/dhcpd-update-samba-dns.sh", "delete", ClientIP, ClientName);
    }
    on expiry {
        set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
        #set ClientName = pick-first-value(option host-name, host-decl-name);
        execute("/usr/bin/sudo","/usr/local/sbin/samba/dhcpd-update-samba-dns.sh", "delete", ClientIP, ClientName);
    }
}
Notice that I've commented the offending line out. Going home now. Thing is working.
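Added example, not part of the original posts and not the AUR script's own code: the execute() lines above run the update script as root through sudo, and the hostname argument comes from the DHCP client (option host-name), so the script can refuse anything that is not a plain action, IPv4 address and DNS label before it does any work. The function names and the sudoers line in the comments are assumptions.

```shell
#!/bin/sh
# Argument gate for a DHCP hook that runs as root (added example).
# Assumed call shape, as in the execute() lines: <add|delete> <ipv4> [hostname]
# Assumed sudoers entry limiting user dhcp to this one script:
#   dhcp ALL=(root) NOPASSWD: /usr/local/sbin/samba/dhcpd-update-samba-dns.sh
LC_ALL=C; export LC_ALL   # make [A-Z] style ranges byte-exact

valid_ipv4() {
    # Digits and single dots only, no leading or trailing dot.
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1              # split into octets (safe: digits and dots only)
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

valid_hostname() {
    # One DNS label: 1-63 chars of [A-Za-z0-9-], no leading/trailing hyphen.
    # Rejects whitespace, dots, quotes, shell metacharacters and "-x" values
    # that a later command could read as an option.
    [ ${#1} -ge 1 ] && [ ${#1} -le 63 ] || return 1
    case "$1" in
        *[!A-Za-z0-9-]*|-*|*-) return 1 ;;
    esac
}

check_args() {
    # Returns 0 only for an acceptable argument vector; prints nothing.
    # Assumption: "delete" may arrive with or without a hostname.
    case "$1" in
        add)    [ $# -eq 3 ] && valid_ipv4 "$2" && valid_hostname "$3" ;;
        delete) [ $# -ge 2 ] && [ $# -le 3 ] && valid_ipv4 "$2" &&
                { [ $# -eq 2 ] || valid_hostname "$3"; } ;;
        *)      return 1 ;;
    esac
}

# Use at the top of the hook script, before any Kerberos or DNS command:
#   check_args "$@" || { logger -t dhcp-dns "rejected arguments"; exit 64; }
```

Quote every use of the validated values in the rest of the script ("$2", "$3") so they are always passed as single arguments.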