Hi - habe gerade mein System auf 4.3-2 errata286 hochgerüstet.
Bei der Systemdiagnose (UCS Master) gab es dann eine DNS Fehlermeldung und einem Link dem ich gefolgt bin - und am Ende des Weges dann auch in dem oben geschriebenen LOG-File.
Die DNS “Fehlermeldung” hatte sich nach dem ich dann auch den allerneusten Patch (287) eingespielt hatte erledigt - übrig blieb jedoch eine Anzahl von DHCP Meldungen:
Oct 19 19:58:56 ucs42 dhcpd[7640]: DHCPINFORM from 192.168.156.xx1 via eth0: not authoritative for subnet 192.168.156.0
Oct 19 19:58:56 ucs42 dhcpd[7640]: If this DHCP server is authoritative for that subnet,
Oct 19 19:58:56 ucs42 dhcpd[7640]: please write an `authoritative;' directive either in the
Oct 19 19:58:56 ucs42 dhcpd[7640]: subnet declaration or in some scope that encloses the
Oct 19 19:58:56 ucs42 dhcpd[7640]: subnet declaration - for example, write it at the top
Oct 19 19:58:56 ucs42 dhcpd[7640]: of the dhcpd.conf file.
Oct 19 19:59:01 ucs42 dhcpd[7640]: DHCPINFORM from 192.168.156.xx1 via eth0: not authoritative for subnet 192.168.156.0
Oct 19 20:07:47 ucs42 dhcpd[7640]: DHCPINFORM from 192.168.156.xx2 via eth0: not authoritative for subnet 192.168.156.0
Oct 19 20:08:59 ucs42 dhcpd[7640]: DHCPINFORM from 192.168.156.xx3 via eth0: not authoritative for subnet 192.168.156.0
Oct 19 20:09:01 ucs42 systemd[1]: Starting Clean php session files...
Oct 19 20:09:02 ucs42 systemd[1]: Started Clean php session files.
Oct 19 20:09:02 ucs42 dhcpd[7640]: DHCPINFORM from 192.168.156.xx1 via eth0: not authoritative for subnet 192.168.156.0
Oct 19 20:10:14 ucs42 dhcpd[7640]: DHCPINFORM from 192.168.156.xx1 via eth0: not authoritative for subnet 192.168.156.0
Oct 19 20:10:17 ucs42 dhcpd[7640]: DHCPINFORM from 192.168.156.xx1 via eth0: not authoritative for subnet 192.168.156.0
Oct 19 20:10:37 ucs42 dhcpd[7640]: LDAP server was down, trying to reconnect...
Oct 19 20:10:37 ucs42 dhcpd[7640]: DHCPREQUEST for 192.168.156.xx5 from 00:08:9b:f3:19:3e via eth0
Oct 19 20:10:37 ucs42 dhcpd[7640]: DHCPACK on 192.168.156.xx5 to 00:08:9b:f3:19:3e via eth0
Oct 19 20:11:20 ucs42 dhcpd[7640]: DHCPINFORM from 192.168.156.xx2 via eth0: not authoritative for subnet 192.168.156.0
Oct 19 20:11:23 ucs42 dhcpd[7640]: DHCPINFORM from 192.168.156.xx1 via eth0: not authoritative for subnet 192.168.156.0
Nun die Fragen
Sind die Meldungen normal? Habe im Log auch gesehen, dass diese Meldungen auch bereits unter 4.3-1 errata282 vorhanden waren.
Der “Hinweis” im Log (If this DHCP server is authoritative for that subnet …) verweist auf die dhcp.conf die ich von Hand anpassen soll. Öffnet man die Datei, steht da aber - diese Datei wird automatisch erzeugt. Darum die Frage - wo in der UCS Management Web-Oberfläche muss/kann man das eintragen.
Oder ist alles so wie es sein soll - also alles OK - was ja auch die System-Diagnose sagt
Schönen Abend noch - und danke für den aktuellen Patch (287).
ich würde hier auch gern auf eine Dokumentation verweisen, nur weiß ich auch nicht, wo das steht.
Über die Informationen in https://forge.univention.org/bugzilla/show_bug.cgi?id=23402 kann man irgendwie erahnen, dass man eine Richtlinie “DHCP Verschiedenes” (DHCP Statements) benötigt und vermutlich dem Service zuordnen muss.
Then lets try to document this also for those who can not translate from german:
Problem
/var/log/daemon.log shows entries like
Oct 19 20:09:02 ucs42 dhcpd[7640]: DHCPINFORM from 192.168.156.xx1 via eth0: not authoritative for subnet 192.168.156.0
Explanation
The configuration is missing the “authoritative” statement
from man 5 dhcpd.conf:
The authoritative statement
authoritative;
not authoritative;
The DHCP server will normally assume that the configuration information about a given network segment is not known to be correct and is not authoritative. This is so that if a naive user
installs a DHCP server not fully understanding how to configure it, it does not send spurious DHCPNAK messages to clients that have obtained addresses from a legitimate DHCP server on the
network.
Network administrators setting up authoritative DHCP servers for their networks should always write authoritative; at the top of their configuration file to indicate that the DHCP server
should send DHCPNAK messages to misconfigured clients. If this is not done, clients will be unable to get a correct IP address after changing subnets until their old lease has expired,
which could take quite a long time.
Usually, writing authoritative; at the top level of the file should be sufficient. However, if a DHCP server is to be set up so that it is aware of some networks for which it is authorita‐
tive and some networks for which it is not, it may be more appropriate to declare authority on a per-network-segment basis.
Note that the most specific scope for which the concept of authority makes any sense is the physical network segment - either a shared-network statement or a subnet statement that is not
contained within a shared-network statement. It is not meaningful to specify that the server is authoritative for some subnets within a shared network, but not authoritative for others,
nor is it meaningful to specify that the server is authoritative for some host declarations and not others.
Solution
Given that the the DHCP-Service provided by UCS should act as authoritative it is required to add a “DHCP statements” policy as mentioned in Further DHCP policies which at least should contain the “authoritative” configuration.
Example: