Gelöst: DHCP Meldungen in /var/log/daemon.log

Pepe · October 19, 2018, 6:34pm

Hi - habe gerade mein System auf 4.3-2 errata286 hochgerüstet.

Bei der Systemdiagnose (UCS Master) gab es dann eine DNS Fehlermeldung und einem Link dem ich gefolgt bin - und am Ende des Weges dann auch in dem oben geschriebenen LOG-File.

Die DNS “Fehlermeldung” hatte sich nach dem ich dann auch den allerneusten Patch (287) eingespielt hatte erledigt - übrig blieb jedoch eine Anzahl von DHCP Meldungen:

Oct 19 19:58:56 ucs42 dhcpd[7640]: DHCPINFORM from 192.168.156.xx1 via eth0: not authoritative for subnet 192.168.156.0
Oct 19 19:58:56 ucs42 dhcpd[7640]: If this DHCP server is authoritative for that subnet,
Oct 19 19:58:56 ucs42 dhcpd[7640]: please write an `authoritative;' directive either in the
Oct 19 19:58:56 ucs42 dhcpd[7640]: subnet declaration or in some scope that encloses the
Oct 19 19:58:56 ucs42 dhcpd[7640]: subnet declaration - for example, write it at the top
Oct 19 19:58:56 ucs42 dhcpd[7640]: of the dhcpd.conf file.
Oct 19 19:59:01 ucs42 dhcpd[7640]: DHCPINFORM from 192.168.156.xx1 via eth0: not authoritative for subnet 192.168.156.0
Oct 19 20:07:47 ucs42 dhcpd[7640]: DHCPINFORM from 192.168.156.xx2 via eth0: not authoritative for subnet 192.168.156.0
Oct 19 20:08:59 ucs42 dhcpd[7640]: DHCPINFORM from 192.168.156.xx3 via eth0: not authoritative for subnet 192.168.156.0
Oct 19 20:09:01 ucs42 systemd[1]: Starting Clean php session files...
Oct 19 20:09:02 ucs42 systemd[1]: Started Clean php session files.
Oct 19 20:09:02 ucs42 dhcpd[7640]: DHCPINFORM from 192.168.156.xx1 via eth0: not authoritative for subnet 192.168.156.0
Oct 19 20:10:14 ucs42 dhcpd[7640]: DHCPINFORM from 192.168.156.xx1 via eth0: not authoritative for subnet 192.168.156.0
Oct 19 20:10:17 ucs42 dhcpd[7640]: DHCPINFORM from 192.168.156.xx1 via eth0: not authoritative for subnet 192.168.156.0
Oct 19 20:10:37 ucs42 dhcpd[7640]: LDAP server was down, trying to reconnect...
Oct 19 20:10:37 ucs42 dhcpd[7640]: DHCPREQUEST for 192.168.156.xx5 from 00:08:9b:f3:19:3e via eth0
Oct 19 20:10:37 ucs42 dhcpd[7640]: DHCPACK on 192.168.156.xx5 to 00:08:9b:f3:19:3e via eth0
Oct 19 20:11:20 ucs42 dhcpd[7640]: DHCPINFORM from 192.168.156.xx2 via eth0: not authoritative for subnet 192.168.156.0
Oct 19 20:11:23 ucs42 dhcpd[7640]: DHCPINFORM from 192.168.156.xx1 via eth0: not authoritative for subnet 192.168.156.0

Nun die Fragen

Sind die Meldungen normal? Habe im Log auch gesehen, dass diese Meldungen auch bereits unter 4.3-1 errata282 vorhanden waren.
Der “Hinweis” im Log (If this DHCP server is authoritative for that subnet …) verweist auf die dhcp.conf die ich von Hand anpassen soll. Öffnet man die Datei, steht da aber - diese Datei wird automatisch erzeugt. Darum die Frage - wo in der UCS Management Web-Oberfläche muss/kann man das eintragen.
Oder ist alles so wie es sein soll - also alles OK - was ja auch die System-Diagnose sagt

Schönen Abend noch - und danke für den aktuellen Patch (287).

Pepe

Pepe · October 19, 2018, 6:38pm

Kurze Ergänzung.

Der Inhalt der /etc/dhcp/dhcp.conf sieht wie folgt aus:

include "/etc/dhcp/univention.conf";
include "/etc/dhcp/local.conf";

option ldap-servers code 128 = array of ip-address;
option ldap-base code 129 = string;

ldap-server "ucs42.NAME-net.local";
ldap-dhcp-server-cn "ucs42";
ldap-username "cn=ucs42,cn=dc,cn=computers,dc=NAME-net,dc=local";
ldap-password-file "/etc/machine.secret";
ldap-port 7389;
ldap-base-dn "cn=dhcp,dc=NAME-net,dc=local";
ldap-method dynamic;

ahrnke · October 20, 2018, 9:24pm

Hallo,

ich würde hier auch gern auf eine Dokumentation verweisen, nur weiß ich auch nicht, wo das steht.
Über die Informationen in https://forge.univention.org/bugzilla/show_bug.cgi?id=23402 kann man irgendwie erahnen, dass man eine Richtlinie “DHCP Verschiedenes” (DHCP Statements) benötigt und vermutlich dem Service zuordnen muss.

hth,
Dirk Ahrnke

Pepe · October 21, 2018, 5:41pm

Da bin ich aber froh das ich nicht der einzige bin

ahrnke · October 22, 2018, 11:34am

Then lets try to document this also for those who can not translate from german:

Problem

/var/log/daemon.log shows entries like

Oct 19 20:09:02 ucs42 dhcpd[7640]: DHCPINFORM from 192.168.156.xx1 via eth0: not authoritative for subnet 192.168.156.0

Explanation
The configuration is missing the “authoritative” statement

from man 5 dhcpd.conf:

The authoritative statement

         authoritative;

         not authoritative;

         The DHCP server will normally assume that the configuration information about a given network segment is not known to be correct and is not authoritative.  This is so that if a  naive  user
         installs  a  DHCP server not fully understanding how to configure it, it does not send spurious DHCPNAK messages to clients that have obtained addresses from a legitimate DHCP server on the
         network.

         Network administrators setting up authoritative DHCP servers for their networks should always write authoritative; at the top of their configuration file to indicate that  the  DHCP  server
         should  send  DHCPNAK  messages  to misconfigured clients.  If this is not done, clients will be unable to get a correct IP address after changing subnets until their old lease has expired,
         which could take quite a long time.

         Usually, writing authoritative; at the top level of the file should be sufficient.  However, if a DHCP server is to be set up so that it is aware of some networks for which it is authorita‐
         tive and some networks for which it is not, it may be more appropriate to declare authority on a per-network-segment basis.

         Note  that  the  most specific scope for which the concept of authority makes any sense is the physical network segment - either a shared-network statement or a subnet statement that is not
         contained within a shared-network statement.  It is not meaningful to specify that the server is authoritative for some subnets within a shared network, but not  authoritative  for  others,
         nor is it meaningful to specify that the server is authoritative for some host declarations and not others.

Solution

Given that the the DHCP-Service provided by UCS should act as authoritative it is required to add a “DHCP statements” policy as mentioned in Further DHCP policies which at least should contain the “authoritative” configuration.
Example:

# udm policies/dhcp_statements list

DN: cn=default dhcp statements,cn=statements,cn=dhcp,cn=policies,dc=...
  authoritative: yes
  boot-unknown-clients: None
  getLeaseHostnames: None
  ldapFilter: None
  name: default dhcp statements
  pingCheck: None
  serverIdentifier: None
  serverName: None

# udm dhcp/service list

DN: cn=servicename,cn=dhcp,...
  service: servicename
  ...
  univentionPolicyReference: cn=default dhcp statements,cn=statements,cn=dhcp,cn=policies,...

Christian_Voelker · October 22, 2018, 12:28pm

Done.

Thanks!

/CV

Pepe · October 26, 2018, 9:39pm

Klasse - und für die (wie mich) die Maus-Schubser - hier noch die Stellen in der Web-Oberfäche.

Unter Domaine --> DHCP --> RECHTS auf die Domaine klicken --> Polecies auswählen
Dann RECHTS unter “Policy DHCP Statement” --> Edit Policy öffnen

Ein Reboot ist nicht notwendig
Abfragen via Putty “udm policies/dhcp_statements list” --> Ergebnis sollte wie oben von “Ahrnke” sein
Abfragen via Putty “udm dhcp/service list” --> Ergebnis sollte wie oben von “Ahrnke” sein

Und schon gibt es keine “dhcpd[1838]” Meldungen mehr im Log.

Sollte ich noch etwas vergessen haben - bitte kurze Info oder aber selber ergänzen.

Beste Grüße
Pepe