DHCPD update DDNS with ipa
Andy Tomlin
atomlin at engineer.com
Thu Apr 3 02:52:48 UTC 2014
I am running Centos 6.5 and have installed ipa to allow all our linux
machines to authenticate. We have windows machines that get their ip address
from server and since installing ipa the ddns no longer works. Googling
around does not show much help. The key files match.
My named.conf is as follows:
[root at alfred ~]# cat /etc/named.conf
options {
// turns on IPv6 for port 53, IPv4 is on by default for all ifaces
listen-on-v6 {any;};
listen-on port 53 { 127.0.0.1; 10.0.1.2; };
// Put files that named is allowed to write in the data/ directory:
directory "/var/named"; // the default
dump-file "data/cache_dump.db";
statistics-file "data/named_stats.txt";
memstatistics-file "data/named_mem_stats.txt";
//forward first;
//forwarders {
// 192.168.1.254;
// 8.8.8.8;
//};
// Any host is permitted to issue recursive queries
allow-recursion { any; };
tkey-gssapi-credential "DNS/alfred.xxxxxxx.com";
tkey-domain "xxxxxxx.COM";
};
include "/etc/named/ddns.key";
/* If you want to enable debugging, eg. using the 'rndc trace' command,
* By default, SELinux policy does not allow named to modify the /var/named
directory,
* so put the default debug log file in data/ :
*/
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
dynamic-db "ipa" {
library "ldap.so";
arg "uri ldapi://%2fvar%2frun%2fslapd-xxxxxxx-COM.socket";
arg "base cn=dns, dc=xxxxxxx,dc=com";
arg "fake_mname alfred.xxxxxxx.com.";
arg "auth_method sasl";
arg "sasl_mech GSSAPI";
arg "sasl_user DNS/alfred.xxxxxxx.com";
arg "zone_refresh 0";
arg "psearch yes";
arg "serial_autoincrement yes";
};
My dhcpd.conf is as follows:
[root at alfred ~]# cat /etc/dhcp/dhcpd.conf
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#
# option definitions common to all supported networks...
option domain-name "xxxxxxx.com";
option domain-name-servers 10.0.1.2, 8.8.8.8, 8.8.4.4;
ddns-updates on;
ddns-update-style interim;
ignore client-updates;
update-static-leases on;
default-lease-time 600;
max-lease-time 7200;
# Use this to enble / disable dynamic dns updates globally.
#ddns-update-style none;
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;
# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.
#subnet 10.152.187.0 netmask 255.255.255.0 {
#}
include "/etc/dhcp/ddns.key";
zone xxxxxxx.com. {
primary 127.0.0.1;
key DDNS_UPDATE;
}
zone 2.0.10.in-addr.arpa. {
primary 127.0.0.1;
key DDNS_UPDATE;
}
# This is a very basic subnet declaration.
subnet 10.0.0.0 netmask 255.255.0.0 {
range 10.0.2.50 10.0.2.250;
option routers 10.0.1.2;
}
[root at alfred ~]#
When windows client gets a dhcp address, the following is in the log
[root at alfred ~]# tail -n50 /var/log/messages
Apr 2 19:40:50 alfred named[8491]: client 127.0.0.1#59786: updating zone
'xxxxxxx.com/IN': update failed: rejected by secure update (REFUSED)
Apr 2 19:40:50 alfred dhcpd: Unable to add forward map from
atomlin.xxxxxxx.com to 10.0.2.51: timed out
Apr 2 19:40:50 alfred dhcpd: DHCPREQUEST for 10.0.2.51 from
0c:54:a5:08:5f:cc (atomlin) via eth0
Apr 2 19:40:50 alfred dhcpd: DHCPACK on 10.0.2.51 to 0c:54:a5:08:5f:cc
(atomlin) via eth0
[root at alfred ~]#
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20140402/9243579e/attachment.html>
More information about the dhcp-users
mailing list