DHCP server no longer works after update to UCS 4.3

The clients no longer receive addresses.

After a systemctl start univention-dhcp.service, the logs show the following:

journalctl -u univention-dhcp:
Jun 02 12:41:16 ucs systemd[1]: Starting LSB: DHCP server...
Jun 02 12:41:16 ucs dhcpd[15081]: Internet Systems Consortium DHCP Server 4.3.5
Jun 02 12:41:16 ucs dhcpd[15081]: Copyright 2004-2016 Internet Systems Consortium.
Jun 02 12:41:16 ucs dhcpd[15081]: All rights reserved.
Jun 02 12:41:16 ucs dhcpd[15081]: For info, please visit https://www.isc.org/software/dhcp/
Jun 02 12:41:16 ucs univention-dhcp[15073]: dhcpd self-test failed with 1. Check /etc/dhcp/dhcpd.conf.
Jun 02 12:41:16 ucs univention-dhcp[15073]: The error was:
Jun 02 12:41:16 ucs univention-dhcp[15073]: Internet Systems Consortium DHCP Server 4.3.5
Jun 02 12:41:16 ucs univention-dhcp[15073]: Copyright 2004-2016 Internet Systems Consortium.
Jun 02 12:41:16 ucs univention-dhcp[15073]: All rights reserved.
Jun 02 12:41:16 ucs univention-dhcp[15073]: For info, please visit https://www.isc.org/software/dhcp/
Jun 02 12:41:16 ucs univention-dhcp[15073]: Configuration file errors encountered -- exiting
Jun 02 12:41:16 ucs univention-dhcp[15073]: If you think you have received this message due to a bug rather
Jun 02 12:41:16 ucs univention-dhcp[15073]: than a configuration issue please read the section on submitting
Jun 02 12:41:16 ucs univention-dhcp[15073]: bugs on either our web page at www.isc.org or in the README file
Jun 02 12:41:16 ucs univention-dhcp[15073]: before submitting a bug.  These pages explain the proper
Jun 02 12:41:16 ucs univention-dhcp[15073]: process and the information we find helpful for debugging..
Jun 02 12:41:16 ucs univention-dhcp[15073]: exiting.
Jun 02 12:41:21 ucs univention-dhcp[15073]: Starting DHCP server: dhcpdok: run: univention-dhcp: (pid 15102) 0s, normally down
Jun 02 12:41:21 ucs univention-dhcp[15073]: .
Jun 02 12:41:21 ucs systemd[1]: Started LSB: DHCP server.
Jun 02 12:42:17 ucs systemd[1]: Stopping LSB: DHCP server...
Jun 02 12:42:22 ucs univention-dhcp[15331]: Stopping DHCP server: dhcpdok: down: univention-dhcp: 0s
Jun 02 12:42:22 ucs univention-dhcp[15331]: .
Jun 02 12:42:22 ucs systemd[1]: Stopped LSB: DHCP server.

/var/log/dhcp-ldap-startup.log is empty.

/etc/dhcp/dhcpd.conf (exactly the same as before the update):

include "/etc/dhcp/univention.conf";
include "/etc/dhcp/local.conf";

option ldap-servers code 128 = array of ip-address;
option ldap-base code 129 = string;

option wpad code 252 = text;

ldap-server "ucs.agele.local";
ldap-dhcp-server-cn "ucs";
ldap-username "cn=ucs,cn=dc,cn=computers,dc=agele,dc=local";
ldap-password-file "/etc/machine.secret";
ldap-port 7389;
ldap-base-dn "cn=dhcp,dc=agele,dc=local";
ldap-method dynamic;
ldap-debug-file "/var/log/dhcp-ldap-startup.log";

Check the included files for configuration errors, too:

And, have a look at /var/log/daemon.log, there might be some more information about failed startup.

Both files are empty.

The same error output as the journalctl output (see first entry).

You have a startup log configured. Have you checked this one?

I am pretty sure you will find something in the log files. If not, you can check configuration with:
dhcpd -t

Greetings

Hey,

The dhcpd.conf is normally generated from a Univention template. The default template has the ldap-debug-file option commented out. Since it is active on your system, it looks to me as if the dhcpd.conf either was not regenerated from the template, or (more likely) that the template was modified manually and then not updated to the new version during the update.

Please run univention-check-templates. It should show modified templates.

You should also check whether there is a .dpkg-dist file for /etc/univention/templates/files/etc/dhcp/dhcpd.conf. If so, you have to activate the new template (the dhcpd.conf.dpkg-dist) by renaming it to dhcpd.conf and re-apply your manual changes to the new dhcpd.conf.

Then regenerate the configuration file: ucr commit /etc/dhcp/dhcpd.conf

Regards
mosu

Is empty.

Internet Systems Consortium DHCP Server 4.3.5
Copyright 2004-2016 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Configuration file errors encountered -- exiting

If you think you have received this message due to a bug rather
than a configuration issue please read the section on submitting
bugs on either our web page at www.isc.org or in the README file
before submitting a bug.  These pages explain the proper
process and the information we find helpful for debugging..

The template didn’t change. I only commented out the log output (ldap-debug-file) in the final dhcpd.conf.

No output for dhcpd.conf

There is no dpkg-dist file.

Result? Did it rewrite the configfile? Confirmed? Still no luck?

No, the situation hasn’t changed.

Hey,

I can reproduce such behavior if the host name given with ldap-host doesn’t exist. Please try the following two commands:

ldapsearch -ZZ -h ucs.agele.local -p 7389 -D cn=ucs,cn=dc,cn=computers,dc=agele,dc=local -y /etc/machine.secret -b cn=dhcp,dc=agele,dc=local -s base
host ucs.agele.local

m.

# extended LDIF
#
# LDAPv3
# base <cn=dhcp,dc=agele,dc=local> with scope baseObject
# filter: (objectclass=*)
# requesting: ALL
#

# dhcp, agele.local
dn: cn=dhcp,dc=agele,dc=local
univentionObjectType: container/cn
description: Containing all DHCP Objects as per default Settings
cn: dhcp
univentionPolicyReference: cn=ucc-dhcp-gateway,cn=routing,cn=dhcp,cn=policies,dc=agele,dc=local
objectClass: dhcpOptions
objectClass: organizationalRole
objectClass: univentionPolicyReference
objectClass: univentionObject

# search result
search: 3
result: 0 Success

# numResponses: 2
# numEntries: 1

Host ucs.agele.local not found: 3(NXDOMAIN)

Why is the host not found?

Hey,

alright, so the first command (the ldapsearch …) likely works because there’s an entry for ucs.agele.local in /etc/hosts pointing to the correct IP address. However, the second command (host …) doesn’t evaluate that file (on purpose).

That DNS record must exist for the domain to function properly. So let’s see why it doesn’t. Please post the output of the following commands:

ip -4 a
ucr get dns/backend
univention-ldapsearch -LLL -oldif-wrap=no relativedomainname=$(hostname) dn arecord
univention-s4search --show-binary --cross-ncs "(&(objectclass=dnsnode)(name=$(hostname)))"

Kind regards,
mosu

# ip -4 a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    inet 192.168.1.1/24 brd 192.168.1.255 scope global br0
       valid_lft forever preferred_lft forever
4: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
6: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    inet 172.17.42.1/16 scope global docker0
       valid_lft forever preferred_lft forever
# ucr get dns/backend

ldap
# univention-ldapsearch -LLL -oldif-wrap=no relativedomainname=$(hostname) dn arecord

dn: relativeDomainName=ucs,zoneName=agele.local,cn=dns,dc=agele,dc=local
aRecord: 192.168.1.1
# univention-s4search --show-binary --cross-ncs "(&(objectclass=dnsnode)(name=$(hostname)))"

bash: univention-s4search: Kommando nicht gefunden.

Hey,

hmm. What’s the content of /etc/resolv.conf? And have you tried restarting the nameserver?

systemctl restart bind9
host ucs.agele.local
# cat /etc/resolv.conf
...
domain  agele.local
nameserver  192.168.1.254
options timeout:2
# systemctl restart bind9
# host ucs.agele.local
Host ucs.agele.local not found: 3(NXDOMAIN)

Getting closer.

What does

ucr search --brief nameserver
ucr search --brief forwarder

tell us?

Looks like your host queries the DNS server at 192.168.1.254 which I assume is your router (not having any clue about your local domain).
It should ask the proper DNS servers for the domain: 192.168.1.1

What @knebb said :)

You can read more about the requirements for running a UCS domain here:

https://help.univention.com/t/requirements-for-a-successful-join-into-the-ucs-domain/8842

In general all UCS systems that contain their own LDAP server (DC Master, DC Backup, DC Slave) should have themselves set as their nameserver1, not an external machine.

m.
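
The check described in the two replies above (a UCS system with its own LDAP server should have itself as nameserver), as an added shell example that is not part of the original thread. The function names are hypothetical, and the sample input is constructed from the /etc/resolv.conf and ip -4 a values posted earlier in this thread.

```shell
#!/bin/sh
# Added example: list resolv.conf nameservers that are NOT one of this
# host's own IPv4 addresses. Function names are hypothetical.

# Print the IPv4 addresses from `ip -4 a` style text on stdin.
local_ipv4() {
    awk '$1 == "inet" { split($2, a, "/"); print a[1] }'
}

# Print the nameserver entries from resolv.conf style text on stdin.
resolv_nameservers() {
    awk '$1 == "nameserver" { print $2 }'
}

# foreign_nameservers RESOLV_TEXT IP_TEXT
# Prints every configured nameserver that is not a local address.
# Returns 1 if at least one such nameserver was found, 0 otherwise.
foreign_nameservers() {
    locals=$(printf '%s\n' "$2" | local_ipv4)
    rc=0
    for ns in $(printf '%s\n' "$1" | resolv_nameservers); do
        if ! printf '%s\n' "$locals" | grep -qxF "$ns"; then
            printf '%s\n' "$ns"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample input, using the values posted in this thread.
SAMPLE_RESOLV='domain  agele.local
nameserver  192.168.1.254
options timeout:2'
SAMPLE_IP='    inet 127.0.0.1/8 scope host lo
    inet 192.168.1.1/24 brd 192.168.1.255 scope global br0'

# On a live system the two arguments would be:
#   foreign_nameservers "$(cat /etc/resolv.conf)" "$(ip -4 a)"
foreign_nameservers "$SAMPLE_RESOLV" "$SAMPLE_IP" \
    || echo "^ nameserver is not an address of this host"
```
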

Ok, the host is now resolved. The DNS Server IP was not correct.

Thanks to all!!

Kind regards
