On Thu, May 09, 2013 at 07:08:30PM +0200, steve wrote:
On 09/05/13 18:56, steve wrote:
On 09/05/13 18:36, steve wrote:
On 09/05/13 18:28, Jakub Hrozek wrote:
On Thu, May 09, 2013 at 03:28:25PM +0200, steve wrote:
On 09/05/13 15:03, steve wrote:
On 09/05/13 13:32, Jakub Hrozek wrote:
>On Thu, May 09, 2013 at 01:00:02PM +0200, steve wrote:
>>Hi
>>sssd seems to be sending the wrong request to the DNS server:
>>
>>(Thu May 9 12:57:04 2013) [sssd[be[default]]] [ad_dyndns_nsupdate_done] (0x0040): DNS update finished
>>(Thu May 9 12:57:06 2013) [sssd[be[default]]] [resolv_gethostbyname_done] (0x0040): querying hosts database failed [5]: Error de entrada/salida
>>(Thu May 9 12:57:06 2013) [sssd[be[default]]] [nsupdate_get_addrs_done] (0x0040): Could not resolve address for this machine, error [5]: Error de entrada/salida, resolver returned: [11]: Could not contact DNS servers
>
>The logs are telling you that the SSSD cannot resolve the machine's host
>name. Can you try overriding it with "ad_hostname" or adding the
>hostname to /etc/hosts ?

Hi
I added:
ad_hostname = pinoso.hh3.site
to sssd.conf. It was already in /etc/hosts
Now the request is sent and we can see it on the Samba4 DC:
Tkey handshake completed
Got a dns update request.
update count is 1
Looking at record:
    discard_const(update): struct dns_res_rec
        name                     : 'pinoso.hh3.site'
        rr_type                  : DNS_QTYPE_A (0x1)
        rr_class                 : DNS_QCLASS_IN (0x1)
        ttl                      : 0x00000e10 (3600)
        length                   : 0x0004 (4)
        rdata                    : union dns_rdata(case 0x1)
        ipv4_record              : 192.168.1.100
        unexpected               : DATA_BLOB length=0
Terminating connection - 'dns_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
single_terminate: reason[dns_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
Terminating connection - 'dns_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'

But the IP is not updated. We changed it from 192.168.1.100 to 192.168.1.101. It does update if we reboot the machine.

(Thu May 9 14:55:21 2013) [sssd[be[default]]] [sdap_dyndns_update_done] (0x0080): nsupdate failed, retrying with server name
; TSIG error with server: tsig verify failure
; TSIG error with server: tsig verify failure
; TSIG error with server: tsig verify failure
update failed: SERVFAIL
(Thu May 9 14:55:21 2013) [sssd[be[default]]] [child_sig_handler] (0x0020): child [1809] failed with status [2].
(Thu May 9 14:55:21 2013) [sssd[be[default]]] [nsupdate_child_handler] (0x0040): Dynamic DNS child failed with status [512]
(Thu May 9 14:55:21 2013) [sssd[be[default]]] [be_nsupdate_done] (0x0040): nsupdate child execution failed [1432158226]: Dynamic DNS update failed
(Thu May 9 14:55:21 2013) [sssd[be[default]]] [ad_dyndns_sdap_update_done] (0x0040): Dynamic DNS update failed [1432158226]: Dynamic DNS update failed
(Thu May 9 14:55:21 2013) [sssd[be[default]]] [ad_dyndns_nsupdate_done] (0x0040): Updating DNS entry failed [1432158226]: Dynamic DNS update failed
(Thu May 9 14:55:36 2013) [sssd[be[default]]] [ad_dyndns_nsupdate_done] (0x0040): DNS update finished
(Thu May 9 14:55:52 2013) [sssd[be[default]]] [ad_dyndns_nsupdate_done] (0x0040): DNS update finished
(Thu May 9 14:56:08 2013) [sssd[be[default]]] [ad_dyndns_nsupdate_done] (0x0040): DNS update finished
It is sending the old IP. 101 is the old IP. We changed it to 100, restarted the network, removed the cache and restarted sssd:
If you restarted the SSSD, then it *should* pick up the new address.
There are two ways a client can learn what IP address to use for dynamic DNS update:
    1) retrieve the address automatically from the socket that is used to connect to the LDAP server. This is the default.
    2) You can set the dyndns_iface option to the name of an interface and then all addresses from that interface will be used during the update.

I presume you are using 1), then without SSSD restart the old address might still be read from the socket I guess, but since you say you restarted the sssd, then I would expect it to pick up a new address.
Does this client use DHCP or only static addresses? Any chance the DHCP server might clobber the new address you set?
Hi
This works:
Start sssd
set the IP
login and out as ad user
change the IP
login again
sssd consults the server and the IP is updated.
Perfect!

A little more explanation -- there are two ways the client performs the update:
    1) when the back end transitions from "offline" to "online" state
    2) Periodically. Currently the dyndns_refresh_interval option defaults to 86400 seconds (24 hours).
You can simulate the online transition by sending SIGUSR1 to the SSSD to tell it to go offline, then SIGUSR2 to go back online. See man sssd(8) for more info on the signals.
Works with both static and dhcp IP changes.
Sorry. Only works with static IP changes. What would we do to get it working for dhcp too?
Anything easier (automatic even) than:
sudo dhclient -r
sudo dhclient eth0
Do you know if the client picked the new address from DHCP? (the syslog would tell I guess). If you need to renew the lease, then maybe it was still using the old address?
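
An added example, not part of the original thread and not SSSD project code: a small triage script for the back-end log lines quoted above, which attaches the unstamped nsupdate output to the record it follows and labels each record with the failure it shows. The record layout is inferred from the lines quoted in the thread, and the label names are hypothetical.

```python
import re
from collections import Counter

# Layout seen in the thread: (timestamp) [sssd[be[domain]]] [function] (0xLEVEL): message
RECORD = re.compile(
    r"^\((?P<ts>[^)]+)\) \[sssd\[be\[(?P<domain>[^\]]+)\]\]\] "
    r"\[(?P<func>\w+)\] \((?P<level>0x[0-9a-fA-F]+)\): (?P<msg>.*)$"
)

# Substrings from the thread's logs -> triage label (labels are hypothetical names).
CAUSES = [
    # Thread's remedy for this one: set ad_hostname or add the host to /etc/hosts.
    ("Could not resolve address for this machine", "hostname-unresolved"),
    ("tsig verify failure", "tsig-verify-failure"),
    ("update failed: SERVFAIL", "server-refused-update"),
    ("DNS update finished", "update-finished"),
]

def parse(lines):
    """Group lines into records; unstamped lines join the preceding record."""
    records = []
    for line in lines:
        m = RECORD.match(line.strip())
        if m:
            records.append({**m.groupdict(), "extra": []})
        elif records and line.strip():
            records[-1]["extra"].append(line.strip())
    return records

def triage(lines):
    """Count triage labels, at most once per record."""
    seen = Counter()
    for rec in parse(lines):
        text = "\n".join([rec["msg"], *rec["extra"]])
        for needle, label in CAUSES:
            if needle in text:
                seen[label] += 1  # repeated TSIG lines in one record count once
    return seen

# Sample input: lines copied from the thread above.
SAMPLE = """\
(Thu May 9 12:57:06 2013) [sssd[be[default]]] [nsupdate_get_addrs_done] (0x0040): Could not resolve address for this machine, error [5]: Error de entrada/salida, resolver returned: [11]: Could not contact DNS servers
(Thu May 9 14:55:21 2013) [sssd[be[default]]] [sdap_dyndns_update_done] (0x0080): nsupdate failed, retrying with server name
; TSIG error with server: tsig verify failure
; TSIG error with server: tsig verify failure
update failed: SERVFAIL
(Thu May 9 14:55:36 2013) [sssd[be[default]]] [ad_dyndns_nsupdate_done] (0x0040): DNS update finished
""".splitlines()

if __name__ == "__main__":
    print(dict(triage(SAMPLE)))
```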