Forums

Resolved
0 votes
Hello all,

I've to configure my dchp server to distribute diffrerent range of ip addresses on different subnets. (3 subnets)

As I can see, I've to modify the file /etc/dnsmasq.conf

But, to start my dchp service, it seems I need to activate it through the webconsole ... but I'd like to configure my whole dhcp into the /etc/dnsmasq.conf

If I understand correctly, I should create my first subnet with the webconfig tool and than, in my dnsmasq.conf adding the 2 other subnets ?

If not, does it mean that my file dnsmasq.conf will overwrite what I wrote in the webconfig ? and if, in my dnsmasq.conf, I add global options, are they going to overwrite some others in the default config ?

Thanks to all for your help
Thursday, March 19 2020, 08:53 AM
Like
1
Share this post:
Responses (30)
  • Accepted Answer

    Friday, March 20 2020, 10:32 AM - #Permalink
    Resolved
    0 votes
    Arnaud Forster wrote:
    the nmap ist strang because - if I correctly understand - it says that pings are blocked ... but when trying to ping my master from the slave, I can :
    No. You've only tested TCP to four ports. Ping uses ICMP. You have a networking issue somewhere. This to check are the Master firewall, switches, Slave connected on the correct port (LAN or External), and duplicate IP addresses.

    You may be able to remove flexshares, but the problem is Windows Networking. You can try disabling winbind but I don't know if it is needed or not.
    The reply is currently minimized Show
  • Accepted Answer

    Friday, March 20 2020, 10:45 AM - #Permalink
    Resolved
    0 votes
    Ok, thanks for the info Nick. So I stopped windbind but the error remains...


    Mar 20 11:38:35 DHCP winbindd[3954]: [2020/03/20 11:38:35.189611, 0] ../source3/winbindd/winbindd.c:244(winbindd_sig_term_handler)
    Mar 20 11:38:35 DHCP winbindd[3954]: Got sig[15] terminate (is_parent=1)
    Mar 20 11:38:35 DHCP winbindd[9207]: [2020/03/20 11:38:35.189611, 0] ../source3/winbindd/winbindd.c:244(winbindd_sig_term_handler)
    Mar 20 11:38:35 DHCP winbindd[9207]: Got sig[15] terminate (is_parent=0)
    Mar 20 11:38:35 DHCP winbindd[9206]: [2020/03/20 11:38:35.190033, 0] ../source3/winbindd/winbindd.c:244(winbindd_sig_term_handler)
    Mar 20 11:38:35 DHCP winbindd[9206]: Got sig[15] terminate (is_parent=0)
    Mar 20 11:38:50 DHCP clearsyncd[24131]: AccountsFileSync: Error establishing connection: Connection refused
    Mar 20 11:39:50 DHCP clearsyncd[24131]: AccountsFileSync: Error establishing connection: Connection refused


    I think (but 'm really not sure) I have to investigate around this AccountFileSync process wich can' t get in touch with my master ?
    The reply is currently minimized Show
  • Accepted Answer

    Friday, March 20 2020, 09:29 AM - #Permalink
    Resolved
    0 votes
    Ok, this is the port 8155 that is not responding :

    On my slave, it's configured in the filesync-accounts.conf file


    <!-- ClearSync Filesync: accounts -->
    <plugin name="AccountsFileSync" library="libcsplugin-filesync.so" stack-size="65536">

    <authkey>e0039b874976d6f655685575a2fc1e843945c2080e880d2219a75f7cca38d4b1</authkey>

    <slave host="master.gfb.lan" port="8155" interval="60">


    but on my master, this file even doesnt exist. is it normal ?
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, March 19 2020, 10:24 AM - #Permalink
    Resolved
    0 votes
    I don't think ClearOS writes to /etc/dnsmasq.conf once it is set up. Having said that, a better place to put your customisations is in a file in /etc/dnsmasq.d/ and the file can be called what you want. Another advantage of using a file in /etc/dnsmasq.d/ is that you can reload it with a "killall -1 dnsmasq" rather than doing a full restart. This does not re-read /etc/dnsmasq.conf.
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, March 19 2020, 10:40 AM - #Permalink
    Resolved
    0 votes
    ok thanks Nick. I wrote that because there's already a dnsmas.conf in /etc/.

    As I can see, what is confiured through the webconsole is stored in /etc/dnsmasq.d/dhcp.conf

    So I create a new file in /etc/dnsmas.d/, but will the described configuration replace the one in dhcp.conf or is it an addition?
    In the case of an addition, what happens if I try to modify an option already present in dhcp.conf?

    Ooops, i can see now that I've many errors messages like :

    Mar 19 11:33:27 DHCP clearsyncd[2324]: AccountsFileSync: Error establishing connection: Connection refused
    Mar 19 11:34:27 DHCP clearsyncd[2324]: AccountsFileSync: Error establishing connection: Connection refused
    Mar 19 11:35:27 DHCP clearsyncd[2324]: AccountsFileSync: Error establishing connection: Connection refused

    any idea of that ?

    thanks very very much
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, March 19 2020, 11:51 AM - #Permalink
    Resolved
    0 votes
    Have a look at the conf-dir line in dnsmasq.conf and then google "man dnsmasq.conf" and check its meaning in the man pages.

    Conflicting parameters may be an issue. E.g. if you have both "bind-interfaces" and "bind-dynamic" in different files, dnsmasq will fail to start.
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, March 19 2020, 01:49 PM - #Permalink
    Resolved
    0 votes
    Thanks Nick. My dhcp server has started so it seems everything's fine there. But I didn't see these lines in my messages :

    Mar 19 14:29:34 DHCP clearsyncd[1961]: CertificateManagerFileSync: Error establishing connection: No route to host
    Mar 19 14:29:34 DHCP clearsyncd[1961]: AccountsFileSync: Error establishing connection: No route to host

    could it be the update I made for the new certificate tool ?

    I stopped my dhcp server (dnsmasq service) but the error remains ...

    could it be a sync problem with my master (the problem occurs on the slave node) ?
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, March 19 2020, 09:04 PM - #Permalink
    Resolved
    0 votes
    Arnaud Forster wrote:

    Thanks Nick. My dhcp server has started so it seems everything's fine there. But I didn't see these lines in my messages :

    Mar 19 14:29:34 DHCP clearsyncd[1961]: CertificateManagerFileSync: Error establishing connection: No route to host
    Mar 19 14:29:34 DHCP clearsyncd[1961]: AccountsFileSync: Error establishing connection: No route to host

    could it be the update I made for the new certificate tool ?

    I stopped my dhcp server (dnsmasq service) but the error remains ...

    could it be a sync problem with my master (the problem occurs on the slave node) ?
    Can the slave contact the master by the FQDN you used to to the join? The FQDN will show in the Slave webconfig in the master/slave app. You can also use an IP address there instead.
    The reply is currently minimized Show
  • Accepted Answer

    Friday, March 20 2020, 07:11 AM - #Permalink
    Resolved
    0 votes
    Thanks Nick,
    Unfortunately, the slave node can ping the master ...

    [root@DHCP ~]# ping master.gfb.lan
    PING MASTER.GFB.LAN (10.163.232.5) 56(84) bytes of data.
    64 bytes from MASTER.GFB.LAN (10.163.232.5): icmp_seq=1 ttl=64 time=0.787 ms
    64 bytes from MASTER.GFB.LAN (10.163.232.5): icmp_seq=2 ttl=64 time=0.674 ms
    ^C
    --- MASTER.GFB.LAN ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 1001ms
    rtt min/avg/max/mdev = 0.674/0.730/0.787/0.062 ms


    I'll stop all services to see which one can generate these errors ...
    The reply is currently minimized Show
  • Accepted Answer

    Friday, March 20 2020, 07:38 AM - #Permalink
    Resolved
    0 votes
    Interesting, I checked my logs to see when this problem started ... here's what I found :

    It seems that the problem started when I configured the master/slave systems.


    Mar 17 11:08:43 DHCP systemd: winbind.service: main process exited, code=exited, status=1/FAILURE
    Mar 17 11:08:43 DHCP systemd: Failed to start Samba Winbind Daemon.
    Mar 17 11:08:43 DHCP systemd: Unit winbind.service entered failed state.
    Mar 17 11:08:43 DHCP systemd: winbind.service failed.
    Mar 17 11:08:44 DHCP clearsyncd[3131]: OpenLDAPOnlineEvent: sudo /usr/sbin/trigger openldap_online: 256
    Mar 17 11:08:47 DHCP nmbd[7707]: [2020/03/17 11:08:47.452811, 0] ../source3/nmbd/nmbd_logonnames.c:123(become_logon_server_success)
    Mar 17 11:08:47 DHCP nmbd[7707]: become_logon_server_success: Samba is now a logon server for workgroup GFB on subnet 10.163.232.6
    Mar 17 11:08:50 DHCP nslcd[7678]: caught signal SIGTERM (15), shutting down
    Mar 17 11:08:50 DHCP nslcd[7678]: version 0.8.13 bailing out
    Mar 17 11:08:50 DHCP nslcd[7998]: version 0.8.13 starting
    Mar 17 11:08:50 DHCP nslcd[7998]: accepting connections


    Mar 17 11:08:51 DHCP systemd: clearsync.service: main process exited, code=killed, status=9/KILL
    Mar 17 11:08:51 DHCP systemd: Unit clearsync.service entered failed state.
    Mar 17 11:08:51 DHCP systemd: clearsync.service failed.


    Mar 17 11:08:51 DHCP clearsyncd[8041]: Network Proxy Watch: Started
    Mar 17 11:08:51 DHCP clearsyncd[8041]: ClearSync initialized.
    Mar 17 11:08:52 DHCP clearsyncd[8041]: AccountsFileSync: Error establishing connection: Connection refused
    Mar 17 11:09:52 DHCP clearsyncd[8041]: AccountsFileSync: Error establishing connection: Connection refused


    Does anyone have a idea on what I could do here ?
    The reply is currently minimized Show
  • Accepted Answer

    Friday, March 20 2020, 08:49 AM - #Permalink
    Resolved
    0 votes
    A long time ago an update was pushed to always enable winbind but I'm coming to think, on some systems it is not necessary. It is needed for flexshares and, I think, the AD connector. I have no idea about master/slave - I think not if you are not using flexshares. You can try disabling it or ClearOS will try to restart it every 5 minutes. Alternatively, initialise Windows networking and it won't fail.

    At a guess, your dump is on your slave. Are tcp ports 81, 636, 8154 and 8155 contactable on the master. Perhaps try:
    nmap 10.163.232.5 -p 81,636,8154,8155
    You may need to install nmap. Either 8154 or 8155 may fail. I'd need to check which.

    Also on the master check to see what is listening:
    netstat -npl | egrep ':(81|636|815)'
    The reply is currently minimized Show
  • Accepted Answer

    Friday, March 20 2020, 08:59 AM - #Permalink
    Resolved
    0 votes
    Si I tried what you said.

    both master and slave are on the same subnet. No firewall is installed.

    On the slave :

    [root@DHCP /]# nmap 10.163.232.5 -p 81,636,8154,8155

    Starting Nmap 6.40 ( http://nmap.org ) at 2020-03-20 09:56 CET
    Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
    Nmap done: 1 IP address (0 hosts up) scanned in 0.45 seconds



    the nmap ist strang because - if I correctly understand - it says that pings are blocked ... but when trying to ping my master from the slave, I can :


    [root@DHCP ~]# nmap 10.163.232.5 -p 81

    Starting Nmap 6.40 ( http://nmap.org ) at 2020-03-20 10:08 CET
    Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
    Nmap done: 1 IP address (0 hosts up) scanned in 0.45 seconds
    [root@DHCP ~]# ping 10.163.232.5
    PING 10.163.232.5 (10.163.232.5) 56(84) bytes of data.
    64 bytes from 10.163.232.5: icmp_seq=1 ttl=64 time=0.693 ms
    64 bytes from 10.163.232.5: icmp_seq=2 ttl=64 time=0.848 ms
    64 bytes from 10.163.232.5: icmp_seq=3 ttl=64 time=0.823 ms
    ^C
    --- 10.163.232.5 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2001ms
    rtt min/avg/max/mdev = 0.693/0.788/0.848/0.067 ms



    On the master :

    [root@MASTER /]# netstat -npl | egrep '(81|636|815)'
    tcp 0 0 0.0.0.0:8154 0.0.0.0:* LISTEN 18840/clearsyncd
    tcp 0 0 10.163.232.5:636 0.0.0.0:* LISTEN 21605/slapd
    tcp6 0 0 :::81 :::* LISTEN 2352/webconfig
    unix 2 [ ACC ] STREAM LISTENING 20819 1793/master private/trace
    unix 2 [ ACC ] STREAM LISTENING 20815 1793/master private/defer
    unix 2 [ ACC ] STREAM LISTENING 20812 1793/master private/bounce


    Yes, flexshare is not usefull on my master. Can I uninstall it ?
    thanks very very much for your help
    The reply is currently minimized Show
  • Accepted Answer

    Friday, March 20 2020, 12:19 PM - #Permalink
    Resolved
    0 votes
    Hello Nick,

    I found a network problem on a switch with a trunk. I removed it ant started my test again :


    [root@DHCP ~]# nmap 10.163.232.5 -p 81,636,8154,8155

    Starting Nmap 6.40 ( http://nmap.org ) at 2020-03-20 12:18 CET
    Nmap scan report for MASTER.GFB.LAN (10.163.232.5)
    Host is up (0.0032s latency).
    PORT STATE SERVICE
    81/tcp open hosts2-ns
    636/tcp open ldapssl
    8154/tcp open unknown
    8155/tcp closed unknown
    MAC Address: 72:0A:C0:0B:C7:DE (Unknown)

    Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds


    this sounds better but I still have the problem with the 8155 on the master ; do you have any idea ?
    The reply is currently minimized Show
  • Accepted Answer

    Friday, March 20 2020, 12:23 PM - #Permalink
    Resolved
    0 votes
    I think 8155 only works under certain conditions and is not used for a basic user sync.

    When talking about winbind I keep saying disable not stop. It stops itself when it failsm but if it is enabled (i.e set to auto start, the servicewatcher will try to restart it every 5 minutes. I think it is a red herring. Do:
    systemctl disable winbind
    The reply is currently minimized Show
  • Accepted Answer

    Friday, March 20 2020, 01:21 PM - #Permalink
    Resolved
    0 votes
    ok Nick, thanks.

    on the slave node (just to be sure) ..
    The reply is currently minimized Show
  • Accepted Answer

    Friday, March 20 2020, 01:43 PM - #Permalink
    Resolved
    0 votes
    After having stopped the winbind, I checked my messages :


    Mar 20 14:36:35 DHCP nmbd[8278]: [2020/03/20 14:36:35.684997, 0] ../source3/nmbd/nmbd_namequery.c:109(query_name_response)
    Mar 20 14:36:35 DHCP nmbd[8278]: query_name_response: Multiple (2) responses received for a query on subnet 10.163.232.6 for name GFB<1d>.
    Mar 20 14:36:35 DHCP nmbd[8278]: This response was from IP 10.163.232.5, reporting an IP address of 10.163.232.5.
    Mar 20 14:36:50 DHCP clearsyncd[24131]: AccountsFileSync: Error establishing connection: Connection refused
    Mar 20 14:37:50 DHCP clearsyncd[24131]: AccountsFileSync: Error establishing connection: Connection refused
    Mar 20 14:38:50 DHCP clearsyncd[24131]: AccountsFileSync: Error establishing connection: Connection refused
    Mar 20 14:39:50 DHCP clearsyncd[24131]: AccountsFileSync: Error establishing connection: Connection refused


    problem still occurs but I dont know what is the GFB<1d> .. GFB is fine but <1d> ? just a tag ?
    The reply is currently minimized Show
  • Accepted Answer

    Friday, March 20 2020, 02:45 PM - #Permalink
    Resolved
    0 votes
    <1d> is just a tag. You see can it when you run "nbtstat" on a Windows machine. Offhand, I don't know what it is.

    on the slave node (just to be sure) ..
    Any where you are getting the error and don't need winbind. Just remember you've stopped it.
    The reply is currently minimized Show
  • Accepted Answer

    Friday, March 20 2020, 03:27 PM - #Permalink
    Resolved
    0 votes
    ok, thank you Nick.

    I'm a little bit lost here..

    According to my error message :

    AccountsFileSync: Error establishing connection: Connection refused


    The problem comes from the AccountFileSync tool

    My AccountFileSync.conf file is configured like this :


    <slave host="master.gfb.lan" port="8155" interval="60">
    <file name="accounts-state" presync="" postsync="sudo /usr/sbin/trigger accounts">/var/clearos/accounts/transaction.state</file>
    </slave>


    So i really looks like it wants to connect to my master but my master doesn't allow that .

    So I dont know what could I do. I should put my system in production next week. but I dont know If i can. System works but this problem bothers me !
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, March 21 2020, 10:41 AM - #Permalink
    Resolved
    0 votes
    It looks line clearsyncd should be listening on both 8154 and 8155 on the master. What do you get from:
    grep 815 /etc/clearsync.d/*
    Can you try restarting clearsync with a:
    systemctl restart clearsync
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, March 21 2020, 05:12 PM - #Permalink
    Resolved
    0 votes
    Thank you very much Nick,
    I'm gonna try that next monday .. I've no access to my systems from the outside
    Have a nice week-end :)
    The reply is currently minimized Show
  • Accepted Answer

    Monday, March 23 2020, 06:40 AM - #Permalink
    Resolved
    0 votes
    Hello Nick,

    So, I made what you proposed on my master; Here's the result :


    [root@MASTER ~]# grep 815 /etc/clearsync.d/*
    /etc/clearsync.d/filesync-certificate-manager.conf:<master bind="0.0.0.0" port= 8154">

    [root@MASTER ~]# systemctl restart clearsync
    [root@MASTER ~]# grep 815 /etc/clearsync.d/*
    /etc/clearsync.d/filesync-certificate-manager.conf:<master bind="0.0.0.0" port= 8154">


    The problem - maybe - ist that there's no filesync-account.conf file on my master.. could it be a bug ?

    i made a test a created a new user on my master. A few seconds later, the account was on my slave.

    I checked my master again and I wonder if the "Mode" of my Master's directory Server is correct ... because it is set on 'Standalone' (see pic)

    But, for the Master / Slave Synchronization, it is set to master and can communicate with my slave ...

    could I change the Directory Server' mode from standalone to something else ?
    The reply is currently minimized Show
  • Accepted Answer

    Monday, March 23 2020, 08:36 AM - #Permalink
    Resolved
    0 votes
    The mode should be "master" and not "standalone" and you can't just change it, I believe. Please see this HowTo.

    [edit]
    Note that once you reset the master, your sychronisation key may change, in which case you'll have to reset the slave as well - the following section in the instructions.
    [/edit]
    The reply is currently minimized Show
  • Accepted Answer

    Monday, March 23 2020, 10:20 AM - #Permalink
    Resolved
    0 votes
    thanks Nick,
    Yes I found that procedure .. unfortunately, Directory Server remains in standalone mode although it is configured as a master for synchronization.

    I think I'll have to make a complete new installation ... :(
    The reply is currently minimized Show
  • Accepted Answer

    Monday, March 23 2020, 02:36 PM - #Permalink
    Resolved
    0 votes
    Grrrr...
    I installed a new Master..
    this time , clearsync filesync is fine but now these are the filesync certificates which has problems ...

    ar 23 15:33:12 DHCP clearsyncd[1956]: CertificateManagerFileSync: Error reading packet header: Hang-up
    Mar 23 15:33:12 DHCP clearsyncd[1956]: CertificateManagerFileSync: Unexpected packet id: 0x00
    Mar 23 15:34:12 DHCP clearsyncd[1956]: CertificateManagerFileSync: Error reading packet header: Hang-up
    Mar 23 15:34:12 DHCP clearsyncd[1956]: CertificateManagerFileSync: Unexpected packet id: 0x00


    I restarted my server, updated the certificate manager...

    any idea ?
    thanks very much :)
    The reply is currently minimized Show
  • Accepted Answer

    Monday, March 23 2020, 03:11 PM - #Permalink
    Resolved
    0 votes
    It is probably the slave using the wrong key. You can try editing it directly in /var/clearos/mode/mode on the slave or follow the instructions I linked to to reset the slave and then re-join it to the master. You will probably also want to delete the slave from the Master/Slave screen on the Master before you attempt to re-join.
    The reply is currently minimized Show
  • Accepted Answer

    Monday, March 23 2020, 04:14 PM - #Permalink
    Resolved
    0 votes
    Thanks very much Nick,

    I re-registered the slave (but now not 100% sure) .. but finally I decided to completely re-install the slave ... operation in progress .. I hope everything will be fine this time ;)
    The reply is currently minimized Show
  • Accepted Answer

    Monday, March 23 2020, 04:28 PM - #Permalink
    Resolved
    0 votes
    ok, this time everyhing seems to work fine :) Yes !!

    Is my official external certificate should be duplicated, too or do I have to install it manually on my slave ?

    Thanks very very much for your kind help :)
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, March 24 2020, 05:10 PM - #Permalink
    Resolved
    0 votes
    AFAIK, only the CA certificate, system certificate and system key are synchronised. No others.
    The reply is currently minimized Show
  • Accepted Answer

    Jon Brown
    Jon Brown
    Offline
    Friday, July 03 2020, 08:10 PM - #Permalink
    Resolved
    0 votes
    Hello all,

    I have clearos running on a nuc connected to an asus router set in AP mode. Since doing so I have lost the ability of the asus to set guest networks for the IOT devices and guests that need an inet connection.

    I have read all the posts in the thread and i'll be honest, Is there anyone that can handhold a home essentials user that doesn't speak cli :)

    Surely there must be a way to this in Network->Settings->IP Settings.
    I'm sure it must be the Virtual option, but I don't want to just play around and mess things up. Thanks
    The reply is currently minimized Show
  • Accepted Answer

    Friday, July 03 2020, 08:41 PM - #Permalink
    Resolved
    0 votes
    To me, if a router is in AP mode, it is set with its DHCP server off and you give it a static LAN IP in the same subnet as your ClearOS LAN. You connect it ClearOS LAN to AP LAN. Then all DHCP is handled by ClearOS. If you want it the WiFi on a different subnet, either the AP needs to be able to handle VLAN's and you configure a VLAN in ClearOS (but I suspect the AP can't handle VLAN's) or you need to connect it to a separate NIC in ClearOS. The other way to it is to have the router in router mode and you connect ClearOS LAN to router WAN. The router LAN must be on a different subnet from the ClearOS LAN. Then all WiFi devices will appear to have a single IP to ClearOS but they will be double NAT'd.


    And
    The reply is currently minimized Show
Your Reply