DHCP Gateway settings

dhcp

#1

I still receive the old DHCP Gateway IP address, while I changed this IP address, as far as I know, on all the policies (LDAP and DHCP).
Any idea how I can resolve this issue?


#2

Make sure you really updated all DHCP routing policies, e.g. run the following command on the command-line:
udm policies/dhcp_routing list

You should also check that the correct policies are referenced: either use the “UMC Domain” module “Policies” to list all policies of type “Policy: DHCP routing”, open each in turn and see the tab “Referencing objects”, which containers use them, or run the following command on the command-line:
univention-ldapsearch -LLLo ldif-wrap=no "univentionPolicyReference=*" dn univentionPolicyReference

The DHCP daemon should be restarted automatically via the Univention Directory Listener; you can do that manually on the command line via
service isc-dhcp-server restart
or using the “UMC Systems” module “System services” to restart named service.

If that still does not resolve your problem, edit the file /etc/dhcp/dhcpd.conf, remove the # before ldap-debug-file, restart the daemon and post the content of the file /var/log/dhcp-ldap-startup.log, which should help us pinpoint whether the right policies get applied.

Last question: are you sure you don’t have another DHCP service running in your network? Make sure you have all other DHCP services on your routers turned off.


#3

Let me start with the latest question:

On my pfSense there was a DHCP relay active, which redirects to the Univention server.
When I run IPCONFIG /all it shows me the right DHCP and DNS server.

[quote=“pmhahn, post:2, topic:5765”]
If that still does not resolve your problem, edit the file /var/log/dhcp-ldap-startup.log, remove the # before ldap-debug-file,
[/quote]

I can’t find this file


#4

I assume @pmhahn meant to say /etc/dhcp/dhcpd.conf.


#5

Thanks, I found that already. But while nothing worked, I uninstalled and reinstalled DHCP.
Now the service fails to start, so I didn’t get any info in the debug file.
As a workaround I enabled the DHCP services on my pfSense router.


#6

Yes, I meant /etc/dhcp/dhcpd.conf - I edited my post.
If dhcpd fails to start, try to start dhcpd manually from the command line:
dhcpd -d -t
Please also check your DNS configuration, e.g.
ucr search --brief ^dns/forwarder[123]$ ^nameserver[123]$
dhcpd fails to start when not all DNS servers are servers of the UCS domain; you may also call
/usr/share/univention-server/univention-fix-ucr-dns -d
to see if anything is wrong with the DNS configuration.


#7

root@DHCPC002:~# /usr/share/univention-server/univention-fix-ucr-dns -d
2017-05-18 10:59:16,797 INFO main.ucr/fwd Found forwarder 212.54.40.25 from UCRV dns/forwarder1
2017-05-18 10:59:16,800 INFO main.ucr/fwd Found forwarder 212.54.35.25 from UCRV dns/forwarder2
2017-05-18 10:59:16,800 INFO main.ucr/ns Found server 10.0.1.8 from UCRV nameserver1
2017-05-18 10:59:16,800 INFO main.ucr/ns Found server 10.0.1.2 from UCRV nameserver2
2017-05-18 10:59:16,803 INFO main.val Validated UCS domain server: 10.0.1.8
2017-05-18 10:59:16,805 INFO main.val Validated UCS domain server: 10.0.1.2
2017-05-18 10:59:16,805 INFO main.xor Skip removing nameservers from forwarders
2017-05-18 10:59:16,806 INFO main No action required.

root@DHCP002:~# dhcpd -d -t
Internet Systems Consortium DHCP Server 4.3.1
Copyright 2004-2014 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Config file: /etc/dhcp/dhcpd.conf
Database file: /var/lib/dhcp/dhcpd.leases
PID file: /var/run/dhcpd.pid
Cannot find host LDAP entry DHCP002 (&(objectClass=dhcpServer)(cn=DHCP002))
Configuration file errors encountered – exiting

If you think you have received this message due to a bug rather
than a configuration issue please read the section on submitting
bugs on either our web page at www.isc.org or in the README file
before submitting a bug. These pages explain the proper
process and the information we find helpful for debugging…

exiting.

When I see this one:
> Cannot find host LDAP entry DHCP002 (&(objectClass=dhcpServer)(cn=DHCP002))

and review the LDAP settings, this server is on the DC, and on the DHCP in LDAP.


#8

Maybe you can find the reason via strace.

Try the following commands:

univention-install strace
strace -o /tmp/dhcp.strace -f dhcpd -d -t

Afterwards, you can post /tmp/dhcp.strace.

Thanks,
Stefan


#9

Cannot find host LDAP entry DHCP002 (&(objectClass=dhcpServer)(cn=DHCP002))

Please check if a LDAP search for that entry works:
univention-ldapsearch '(&(objectClass=dhcpServer)(cn=DHCP002))'

Do you have the UCR variable dhcpd/ldap/base set? Check ucr get dhcpd/ldap/base.
By default it should not be set, in which case dhcpd will fall back to using cn=dhcp,${ldap/base} as the starting point for that search.
Inside that container should be the “DHCP Service” object, and directly inside that the “DHCP Server” object:

# univention-ldapsearch -LLLb "cn=dhcp,$(ucr get ldap/base)" '(|(objectClass=univentionDhcpService)(objectClass=dhcpServer))' structuralObjectClass

dn: cn=XXX.TLD,cn=dhcp,dc=XXX,dc=TLD
structuralObjectClass: univentionDhcpService

dn: cn=master,cn=XXX.TLD,cn=dhcp,dc=XXX,dc=TLD
structuralObjectClass: dhcpServer

The message you’re seeing is that the dhcpServer object was not found, which is used by dhcpd to find the service the daemon should provide.
If you have dhcpd/ldap/base set to use it, make sure you have the corresponding DHCP Server entry therein.

If that still doesn’t resolve your problem, use the strace command to verify which LDAP server is queried by your dhcpd:

# strace -e connect -f dhcpd -d -t
PID connect(6, {sa_family=AF_INET, sin_port=htons(7389), sin_addr=inet_addr("10.200.AA.BB")}, 16) = 0
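
The placement rule from post #9, as an added example that is not part of the original thread or Univention's own code: it reads the unwrapped LDIF printed by the univention-ldapsearch call above and reports whether the dhcpServer entry for a host exists and sits directly inside a DHCP Service below the search base. The function names, the example.test domain and the sample LDIF are constructed for illustration.

```python
# Added example: classify why dhcpd reports "Cannot find host LDAP entry".
# Input is the unwrapped LDIF printed by the univention-ldapsearch call above
# (add -o ldif-wrap=no). SAMPLE_LDIF and example.test are constructed values.

SAMPLE_LDIF = """\
dn: cn=example.test,cn=dhcp,dc=example,dc=test
structuralObjectClass: univentionDhcpService

dn: cn=master,cn=example.test,cn=dhcp,dc=example,dc=test
structuralObjectClass: dhcpServer

dn: cn=dhcp002,cn=dhcp,dc=example,dc=test
structuralObjectClass: dhcpServer
"""


def parse_entries(ldif_text):
    """Return [(dn, structuralObjectClass)], both lower-cased, one per LDIF entry."""
    entries = []
    for block in ldif_text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            # Skip comments and base64 values ("attr:: ..."), which are not decoded.
            if sep and not key.startswith("#") and not key.endswith(":"):
                attrs.setdefault(key.lower(), value.strip().lower())
        if "dn" in attrs:
            entries.append((attrs["dn"], attrs.get("structuralobjectclass", "")))
    return entries


def check_dhcp_server(ldif_text, hostname, dhcp_base):
    """Return 'ok', 'misplaced' or 'missing' for the dhcpServer entry cn=<hostname>."""
    entries = parse_entries(ldif_text)
    base = dhcp_base.lower()
    services = {dn for dn, cls in entries if cls == "univentiondhcpservice"}
    verdict = "missing"
    for dn, cls in entries:
        rdn, _, parent = dn.partition(",")  # escaped commas in RDNs are not handled
        if cls != "dhcpserver" or rdn != "cn=" + hostname.lower():
            continue
        # The server object must sit directly inside a DHCP Service below the base.
        if parent in services and parent.endswith("," + base):
            return "ok"
        verdict = "misplaced"
    return verdict


if __name__ == "__main__":
    for host in ("master", "DHCP002", "unknown"):
        print(host, check_dhcp_server(SAMPLE_LDIF, host, "cn=dhcp,dc=example,dc=test"))
```

A result of "misplaced" means a dhcpServer object with that cn exists but not inside a DHCP Service object; "missing" means no such object was returned under the search base at all.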

#10

Thanks for all your support, this solved the issue!