Samba-ad-dc-ddns-doker/dhcp-dyndns.sh

#!/bin/bash
# On FreeBSD change the above line to #!/usr/local/bin/bash
#
# /usr/local/bin/dhcp-dyndns.sh
#
# This script is for secure DDNS updates on Samba,
# it can also add the 'macAddress' to the Computers object.
#
# Version: 0.9.5
#
# Copyright (C) Rowland Penny 2020-2022
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

# Revised 2022-10-22, Rohhie, as follows:
# - ログをstderrに出力するようにした。
# - サーバー名とドメイン名、DNS管理者ユーザー名を環境変数で指定するようにした。
# - ユーザーは作ってある前提なのでテストロジックを削除した。
# - klistの-s指定をファイル名の前に移動した。
# - 期限切れで削除になる時、対象IPアドレスからホスト名を取得するようにした。
# - IPv6に対応する処理を追加した(ホームラボで使いたい範囲で動く程度)。

# You may need to ensure that you have a useful path
# If you have 'path' problems, Uncomment the next line and adjust for
# your setup e.g. self-compiled Samba
#export PATH=/usr/local/samba/bin:/usr/local/samba/sbin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin

##########################################################################
#                                                                        #
#    You can optionally add the 'macAddress' to the Computers object.    #
#    Add '$DHCPDNSADM' to the 'Domain Admins' group if used              #
#    Change the next line to 'yes' to make this happen                   #
Add_macAddress='no'
#                                                                        #
##########################################################################

# On FreeBSD change this to /usr/local/etc/<USERNAME>.keytab
keytab=/etc/$DHCPDNSADM.keytab

usage()
{
	cat <<-EOF
	USAGE:
	  $(basename "$0") add ip-address dhcid|mac-address hostname
	  $(basename "$0") delete ip-address dhcid|mac-address
	EOF
}

_KERBEROS()
{
	# get current time as a number
	test=$(date +%d'-'%m'-'%y' '%H':'%M':'%S)
	# Note: there have been problems with this
	# check that 'date' returns something like

	# Check for valid kerberos ticket
	#logger -s "${test} [dyndns] : Running check for valid kerberos ticket"
	klist -c -s "${KRB5CCNAME}"
	ret="$?"
	if [ $ret -ne 0 ]
	then
		logger -s "${test} [dyndns] : Getting new ticket, old one has expired"
		# On FreeBSD change the -F to --no-forwardable
		kinit -F -k -t $keytab "${SETPRINCIPAL}"
		ret="$?"
		if [ $ret -ne 0 ]
		then
			logger -s "${test} [dyndns] : dhcpd kinit for dynamic DNS failed"
			exit 1
		fi
	fi
}

rev_zone_info()
{
	local RevZone="$1"
	local IP="$2"
	local rzoneip
	local rzonenum

	if [[ $RevZone =~ .+"in-addr.arpa"$ ]]; then
		if [ $3 = "AAAA" ]; then
			ZoneIP="-no match-"
			return;
		fi
		rzoneip="${RevZone%.in-addr.arpa}"
	else
		if [ $3 = "A" ]; then
			ZoneIP="-no match-"
			return;
		fi
		rzoneip="${RevZone%.ip6.arpa}"
	fi

	unset ZoneIP
	unset RZIP
	unset IP2add

	if [ $3 = "A" ]; then
		rzonenum=$(echo "$rzoneip" |  tr '.' '\n')
		declare -a words
		for n in $rzonenum
		do
			words+=("$n")
		done
		local numwords="${#words[@]}"

		case "$numwords" in
			1)
				# single ip rev zone '192'
				ZoneIP=$(echo "${IP}" | awk -F '.' '{print $1}')
				RZIP="${rzoneip}"
				IP2add=$(echo "${IP}" | awk -F '.' '{print $4"."$3"."$2}')
				;;
			2)
				# double ip rev zone '168.192'
				ZoneIP=$(echo "${IP}" | awk -F '.' '{print $1"."$2}')
				RZIP=$(echo "${rzoneip}" | awk -F '.' '{print $2"."$1}')
				IP2add=$(echo "${IP}" | awk -F '.' '{print $4"."$3}')
				;;
			3)
				# triple ip rev zone '0.168.192'
				ZoneIP=$(echo "${IP}" | awk -F '.' '{print $1"."$2"."$3}')
				RZIP=$(echo "${rzoneip}" | awk -F '.' '{print $3"."$2"."$1}')
				IP2add=$(echo "${IP}" | awk -F '.' '{print $4}')
				;;
			*)
				# should never happen
				exit 1
				;;
		esac
	else
		local v6ip=$(echo -n $2 | sed "s/://g")
		local v6zn=$(echo -n $rzoneip | sed "s/\.//g" | rev)
		if [[ $v6ip =~ "$v6zn".+ ]]; then
			ZoneIP=$2
			RZIP="${ZoneIP}"
			IP2add=$(echo -n $v6ip | sed "s/$v6zn\(.\+\)/\1/" | rev | sed "s/\(.\)/\1./g" | sed "s/.$//")
		rzoneip="${RevZone%.ip6.arpa}"
		else
			ZoneIP="-no match-"
			return;
		fi
	fi
}

ipv6_short_to_long () {
	divaddr=$(echo -n $1 | sed "s/::/:-:/")
	local IFSBAK=$IFS
	IFS=: divaddr=($divaddr)
	IFS=$IFSBAK

	defaddr=()
	for element in "${divaddr[@]}"; do
		if [ $element = "-" ]; then
			padmax=$((8-${#divaddr[@]}))
			for (( i=0; i<=$padmax; i++ ))
			do
				defaddr+=("0000")
			done
		else
			padding="0000${element}"
			defaddr+=(${padding: -4})
		fi
	done

	longaddr=$(echo -n ${defaddr[@]} | sed "s/ /:/g")

	echo $longaddr
}

BINDIR=$(samba -b | grep 'BINDIR' | grep -v 'SBINDIR' | awk '{print $NF}')
[[ -z $BINDIR ]] && printf "Cannot find the 'samba' binary, is it installed ?\\nOr is your path set correctly ?\\n"
WBINFO="$BINDIR/wbinfo"

SAMBATOOL=$(command -v samba-tool)
[[ -z $SAMBATOOL ]] && printf "Cannot find the 'samba-tool' binary, is it installed ?\\nOr is your path set correctly ?\\n"

MINVER=$($SAMBATOOL -V | grep -o '[0-9]*' | tr '\n' ' ' | awk '{print $2}')
if [ "$MINVER" -gt '14' ]
then
	KTYPE="--use-kerberos=required"
else
	KTYPE="-k yes"
fi

# DHCP Server hostname
#Server=$(hostname -s)
Server=${DHCPSERVER}.${DHCPDOMAIN}

# DNS domain
#domain=$(hostname -d)
domain=${DHCPDOMAIN}
if [ -z "${domain}" ]
then
	logger -s "Cannot obtain domain name, is DNS set up correctly?"
	logger -s "Cannot continue... Exiting."
	exit 1
fi

# Samba realm
REALM="${domain^^}"

# krbcc ticket cache
export KRB5CCNAME="/tmp/dhcp-dyndns.cc"

# Kerberos principal
SETPRINCIPAL="${DHCPDNSADM}@${REALM}"
# Kerberos keytab as above
# krbcc ticket cache : /tmp/dhcp-dyndns.cc
#TESTUSER="$($WBINFO -u | grep $DHCPDNSADM)"
#if [ -z "${TESTUSER}" ]
#then
#	logger -s "No AD dhcp user exists, need to create it first.. exiting."
#	logger -s "you can do this by typing the following commands"
#	logger -s "kinit Administrator@${REALM}"
#	logger -s "$SAMBATOOL user create $DHCPDNSADM --random-password --description='Unprivileged user for DNS updates via ISC DHCP server'"
#	logger -s "$SAMBATOOL user setexpiry $DHCPDNSADM --noexpiry"
#	logger -s "$SAMBATOOL group addmembers DnsAdmins $DHCPDNSADM"
#	exit 1
#fi

# Check for Kerberos keytab
if [ ! -f /etc/$DHCPDNSADM.keytab ]
then
	logger -s "Required keytab $keytab not found, it needs to be created."
	logger -s "Use the following commands as root"
	logger -s "$SAMBATOOL domain exportkeytab --principal=${SETPRINCIPAL} $keytab"
	logger -s "chown XXXX:XXXX $keytab"
	logger -s "Replace 'XXXX:XXXX' with the user & group that dhcpd runs as on your distro"
	logger -s "chmod 400 $keytab"
	exit 1
fi

# Variables supplied by dhcpd.conf
action="$1"
DHCID="$3"
name="${4%%.*}"
if [ "$5" = "-IPv6-" ]; then
	ip=$(ipv6_short_to_long $2)
	AorAAAA="AAAA"
else
	ip="$2"
	AorAAAA="A"
fi

# Exit if no ip address
if [ -z "${ip}" ]
then
	usage
	exit 1
fi

# Exit if no computer name supplied, unless the action is 'delete'
if [ -z "${name}" ]
then
	if [ "${action}" = "delete" ]
	then
		name=$(host -t PTR "${ip}" | awk '{print $NF}' | awk -F '.' '{print $1}')
	else
		usage
		exit 1
	fi
fi

# exit if name contains a space
case ${name} in
	*\ * )
		logger -s "Invalid hostname '${name}' ...Exiting"
		exit
		;;
esac

# if you want computers with a hostname that starts with 'dhcp' in AD
# comment the following block of code.
if [[ $name == dhcp* ]]
then
	logger -s "not updating DNS record in AD, invalid name"
	exit 0
fi

## update ##
case "${action}" in
	add)
		_KERBEROS
		count=0
		# does host have an existing 'A' record ?
		A_REC=$($SAMBATOOL dns query "${Server}" "${domain}" "${name}" $AorAAAA "$KTYPE" 2>/dev/null | grep "$AorAAAA:" | awk '{print $2}')
		# turn A_REC into an array
		A_REC=("$A_REC")
		if [ "${#A_REC[@]}" -eq 0 ]
		then
			# no A record to delete
			result1=0
			$SAMBATOOL dns add "${Server}" "${domain}" "${name}" $AorAAAA "${ip}" "$KTYPE"
			result2="$?"
		elif [ "${#A_REC[@]}" -gt 1 ]
		then
			for i in "${A_REC[@]}"
			do
				$SAMBATOOL dns delete "${Server}" "${domain}" "${name}" $AorAAAA "${i}" "$KTYPE"
			done
			# all A records deleted
			result1=0
			$SAMBATOOL dns add "${Server}" "${domain}" "${name}" $AorAAAA "${ip}" "$KTYPE"
			result2="$?"
		elif [ "${#A_REC[@]}" -eq 1 ]
		then
			# turn array into a variable
			VAR_A_REC="${A_REC[*]}"
			if [ "$VAR_A_REC" = "${ip}" ]
			then
				# Correct A record exists, do nothing
				logger -s "Correct '$AorAAAA' record exists, not updating."
				result1=0
				result2=0
				count=$((count+1))
			elif [ "$VAR_A_REC" != "${ip}" ]
			then
				# Wrong A record exists
				logger -s "'$AorAAAA' record changed, updating record."
				$SAMBATOOL dns delete "${Server}" "${domain}" "${name}" $AorAAAA "${VAR_A_REC}" "$KTYPE"
				result1="$?"
				$SAMBATOOL dns add "${Server}" "${domain}" "${name}" $AorAAAA "${ip}" "$KTYPE"
				result2="$?"
			fi
		fi

		# get existing reverse zones (if any)
		ReverseZones=$($SAMBATOOL dns zonelist "${Server}" "$KTYPE" --reverse | grep 'pszZoneName' | awk '{print $NF}')
		if [ -z "$ReverseZones" ]; then
			logger -s "No reverse zone found, not updating"
			result3='0'
			result4='0'
			count=$((count+1))
		else
			for revzone in $ReverseZones
			do
				rev_zone_info "$revzone" "${ip}" "${AorAAAA}"
				if [[ ${ip} = $ZoneIP* ]] && [ "$ZoneIP" = "$RZIP" ]
				then
					# does host have an existing 'PTR' record ?
					PTR_REC=$($SAMBATOOL dns query "${Server}" "${revzone}" "${IP2add}" PTR "$KTYPE" 2>/dev/null | grep 'PTR:' | awk '{print $2}' | awk -F '.' '{print $1}')
					if [[ -z $PTR_REC ]]
					then
						# no PTR record to delete
						result3=0
						$SAMBATOOL dns add "${Server}" "${revzone}" "${IP2add}" PTR "${name}"."${domain}" "$KTYPE"
						result4="$?"
						break
					elif [ "$PTR_REC" = "${name}" ]
					then
						# Correct PTR record exists, do nothing
						logger -s "Correct 'PTR' record exists, not updating."
						result3=0
						result4=0
						count=$((count+1))
						break
					elif [ "$PTR_REC" != "${name}" ]
					then
						# Wrong PTR record exists
						# points to wrong host
						logger -s "'PTR' record changed, updating record."
						$SAMBATOOL dns delete "${Server}" "${revzone}" "${IP2add}" PTR "${PTR_REC}"."${domain}" "$KTYPE"
						result3="$?"
						$SAMBATOOL dns add "${Server}" "${revzone}" "${IP2add}" PTR "${name}"."${domain}" "$KTYPE"
						result4="$?"
						break
					fi
				else
					continue
				fi
			done
	        fi
		;;
	delete)
		_KERBEROS

		count=0
		name=$(host -t PTR "${ip}" | sed 's/.\+pointer \([^.]\+\).\+$/\1/')
		$SAMBATOOL dns delete "${Server}" "${domain}" "${name}" $AorAAAA "${ip}" "$KTYPE"
		result1="$?"
		# get existing reverse zones (if any)
		ReverseZones=$($SAMBATOOL dns zonelist "${Server}" --reverse "$KTYPE" | grep 'pszZoneName' | awk '{print $NF}')
		if [ -z "$ReverseZones" ]
		then
			logger -s "No reverse zone found, not updating"
			result2='0'
			count=$((count+1))
		else
			for revzone in $ReverseZones
			do
				rev_zone_info "$revzone" "${ip}" "${AorAAAA}"
				if [[ ${ip} = $ZoneIP* ]] && [ "$ZoneIP" = "$RZIP" ]
				then
					host -t PTR "${ip}" > /dev/null 2>&1
					ret="$?"
					if [ $ret -eq 0 ]
					then
						$SAMBATOOL dns delete "${Server}" "${revzone}" "${IP2add}" PTR "${name}"."${domain}" "$KTYPE"
						result2="$?"
					else
						result2='0'
						count=$((count+1))
					fi
					break
				else
					continue
				fi
			done
		fi
		result3='0'
		result4='0'
		;;
	*)
		logger -s "Invalid action specified"
		exit 103
	;;
esac

result="${result1}:${result2}:${result3}:${result4}"

if [ "$count" -eq 0 ]
then
	if [ "${result}" != "0:0:0:0" ]
	then
		logger -s "DHCP-DNS $action failed: ${result}"
		exit 1
	else
		logger -s "DHCP-DNS $action succeeded"
	fi
fi

if [ "$Add_macAddress" != 'no' ]
then
	if [ -n "$DHCID" ]
	then
		Computer_Object=$(ldbsearch "$KTYPE" -H ldap://"$Server" "(&(objectclass=computer)(objectclass=ieee802Device)(cn=$name))" | grep -v '#' | grep -v 'ref:')
		if [ -z "$Computer_Object" ]
		then
			# Computer object not found with the 'ieee802Device' objectclass, does the computer actually exist, it should.
			Computer_Object=$(ldbsearch "$KTYPE" -H ldap://"$Server" "(&(objectclass=computer)(cn=$name))" | grep -v '#' | grep -v 'ref:')
			if [ -z "$Computer_Object" ]
			then
				logger -s "Computer '$name' not found. Exiting."
				exit 68
			else
				DN=$(echo "$Computer_Object" | grep 'dn:')
				objldif="$DN
changetype: modify
add: objectclass
objectclass: ieee802Device"

				attrldif="$DN
changetype: modify
add: macAddress
macAddress: $DHCID"

				# add the ldif
				echo "$objldif" | ldbmodify "$KTYPE" -H ldap://"$Server"
				ret="$?"
				if [ $ret -ne 0 ]
				then
					logger -s "Error modifying Computer objectclass $name in AD."
					exit "${ret}"
				fi
				sleep 2
				echo "$attrldif" | ldbmodify "$KTYPE" -H ldap://"$Server"
				ret="$?"
				if [ "$ret" -ne 0 ]; then
					logger -s "Error modifying Computer attribute $name in AD."
					exit "${ret}"
				fi
				unset objldif
				unset attrldif
				logger -s "Successfully modified Computer $name in AD"
			fi
	else
		DN=$(echo "$Computer_Object" | grep 'dn:')
		attrldif="$DN
changetype: modify
replace: macAddress
macAddress: $DHCID"

		echo "$attrldif" | ldbmodify "$KTYPE" -H ldap://"$Server"
		ret="$?"
		if [ "$ret" -ne 0 ]
		then
			logger -s "Error modifying Computer attribute $name in AD."
			exit "${ret}"
		fi
			unset attrldif
			logger -s "Successfully modified Computer $name in AD"
		fi
	fi
fi

exit 0
First version 2022-10-30 10:59:26 +09:00			`#!/bin/bash`
			`# On FreeBSD change the above line to #!/usr/local/bin/bash`
			`#`
			`# /usr/local/bin/dhcp-dyndns.sh`
			`#`
			`# This script is for secure DDNS updates on Samba,`
			`# it can also add the 'macAddress' to the Computers object.`
			`#`
			`# Version: 0.9.5`
			`#`
			`# Copyright (C) Rowland Penny 2020-2022`
			`#`
			`# This program is free software; you can redistribute it and/or modify`
			`# it under the terms of the GNU General Public License as published by`
			`# the Free Software Foundation; either version 3 of the License, or`
			`# (at your option) any later version.`
			`#`
			`# This program is distributed in the hope that it will be useful,`
			`# but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`# GNU General Public License for more details.`
			`#`
			`# You should have received a copy of the GNU General Public License`
			`# along with this program. If not, see <http://www.gnu.org/licenses/>.`

			`# Revised 2022-10-22, Rohhie, as follows:`
			`# - ログをstderrに出力するようにした。`
			`# - サーバー名とドメイン名、DNS管理者ユーザー名を環境変数で指定するようにした。`
			`# - ユーザーは作ってある前提なのでテストロジックを削除した。`
			`# - klistの-s指定をファイル名の前に移動した。`
			`# - 期限切れで削除になる時、対象IPアドレスからホスト名を取得するようにした。`
			`# - IPv6に対応する処理を追加した(ホームラボで使いたい範囲で動く程度)。`

			`# You may need to ensure that you have a useful path`
			`# If you have 'path' problems, Uncomment the next line and adjust for`
			`# your setup e.g. self-compiled Samba`
			`#export PATH=/usr/local/samba/bin:/usr/local/samba/sbin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin`

			`##########################################################################`
			`# #`
			`# You can optionally add the 'macAddress' to the Computers object. #`
			`# Add '$DHCPDNSADM' to the 'Domain Admins' group if used #`
			`# Change the next line to 'yes' to make this happen #`
			`Add_macAddress='no'`
			`# #`
			`##########################################################################`

			`# On FreeBSD change this to /usr/local/etc/<USERNAME>.keytab`
			`keytab=/etc/$DHCPDNSADM.keytab`

			`usage()`
			`{`
			`cat <<-EOF`
			`USAGE:`
			`$(basename "$0") add ip-address dhcid\|mac-address hostname`
			`$(basename "$0") delete ip-address dhcid\|mac-address`
			`EOF`
			`}`

			`_KERBEROS()`
			`{`
			`# get current time as a number`
			`test=$(date +%d'-'%m'-'%y' '%H':'%M':'%S)`
			`# Note: there have been problems with this`
			`# check that 'date' returns something like`

			`# Check for valid kerberos ticket`
			`#logger -s "${test} [dyndns] : Running check for valid kerberos ticket"`
			`klist -c -s "${KRB5CCNAME}"`
			`ret="$?"`
			`if [ $ret -ne 0 ]`
			`then`
			`logger -s "${test} [dyndns] : Getting new ticket, old one has expired"`
			`# On FreeBSD change the -F to --no-forwardable`
			`kinit -F -k -t $keytab "${SETPRINCIPAL}"`
			`ret="$?"`
			`if [ $ret -ne 0 ]`
			`then`
			`logger -s "${test} [dyndns] : dhcpd kinit for dynamic DNS failed"`
			`exit 1`
			`fi`
			`fi`
			`}`

			`rev_zone_info()`
			`{`
			`local RevZone="$1"`
			`local IP="$2"`
			`local rzoneip`
			`local rzonenum`

			`if [[ $RevZone =~ .+"in-addr.arpa"$ ]]; then`
			`if [ $3 = "AAAA" ]; then`
			`ZoneIP="-no match-"`
			`return;`
			`fi`
			`rzoneip="${RevZone%.in-addr.arpa}"`
			`else`
			`if [ $3 = "A" ]; then`
			`ZoneIP="-no match-"`
			`return;`
			`fi`
			`rzoneip="${RevZone%.ip6.arpa}"`
			`fi`

			`unset ZoneIP`
			`unset RZIP`
			`unset IP2add`

			`if [ $3 = "A" ]; then`
			`rzonenum=$(echo "$rzoneip" \| tr '.' '\n')`
			`declare -a words`
			`for n in $rzonenum`
			`do`
			`words+=("$n")`
			`done`
			`local numwords="${#words[@]}"`

			`case "$numwords" in`
			`1)`
			`# single ip rev zone '192'`
			`ZoneIP=$(echo "${IP}" \| awk -F '.' '{print $1}')`
			`RZIP="${rzoneip}"`
			`IP2add=$(echo "${IP}" \| awk -F '.' '{print $4"."$3"."$2}')`
			`;;`
			`2)`
			`# double ip rev zone '168.192'`
			`ZoneIP=$(echo "${IP}" \| awk -F '.' '{print $1"."$2}')`
			`RZIP=$(echo "${rzoneip}" \| awk -F '.' '{print $2"."$1}')`
			`IP2add=$(echo "${IP}" \| awk -F '.' '{print $4"."$3}')`
			`;;`
			`3)`
			`# triple ip rev zone '0.168.192'`
			`ZoneIP=$(echo "${IP}" \| awk -F '.' '{print $1"."$2"."$3}')`
			`RZIP=$(echo "${rzoneip}" \| awk -F '.' '{print $3"."$2"."$1}')`
			`IP2add=$(echo "${IP}" \| awk -F '.' '{print $4}')`
			`;;`
			`*)`
			`# should never happen`
			`exit 1`
			`;;`
			`esac`
			`else`
			`local v6ip=$(echo -n $2 \| sed "s/://g")`
			`local v6zn=$(echo -n $rzoneip \| sed "s/\.//g" \| rev)`
			`if [[ $v6ip =~ "$v6zn".+ ]]; then`
			`ZoneIP=$2`
			`RZIP="${ZoneIP}"`
			`IP2add=$(echo -n $v6ip \| sed "s/$v6zn\(.\+\)/\1/" \| rev \| sed "s/\(.\)/\1./g" \| sed "s/.$//")`
			`rzoneip="${RevZone%.ip6.arpa}"`
			`else`
			`ZoneIP="-no match-"`
			`return;`
			`fi`
			`fi`
			`}`

			`ipv6_short_to_long () {`
			`divaddr=$(echo -n $1 \| sed "s/::/:-:/")`
			`local IFSBAK=$IFS`
			`IFS=: divaddr=($divaddr)`
			`IFS=$IFSBAK`

			`defaddr=()`
			`for element in "${divaddr[@]}"; do`
			`if [ $element = "-" ]; then`
			`padmax=$((8-${#divaddr[@]}))`
			`for (( i=0; i<=$padmax; i++ ))`
			`do`
			`defaddr+=("0000")`
			`done`
			`else`
			`padding="0000${element}"`
			`defaddr+=(${padding: -4})`
			`fi`
			`done`

			`longaddr=$(echo -n ${defaddr[@]} \| sed "s/ /:/g")`

			`echo $longaddr`
			`}`

			`BINDIR=$(samba -b \| grep 'BINDIR' \| grep -v 'SBINDIR' \| awk '{print $NF}')`
			`[[ -z $BINDIR ]] && printf "Cannot find the 'samba' binary, is it installed ?\\nOr is your path set correctly ?\\n"`
			`WBINFO="$BINDIR/wbinfo"`

			`SAMBATOOL=$(command -v samba-tool)`
			`[[ -z $SAMBATOOL ]] && printf "Cannot find the 'samba-tool' binary, is it installed ?\\nOr is your path set correctly ?\\n"`

			`MINVER=$($SAMBATOOL -V \| grep -o '[0-9]*' \| tr '\n' ' ' \| awk '{print $2}')`
			`if [ "$MINVER" -gt '14' ]`
			`then`
			`KTYPE="--use-kerberos=required"`
			`else`
			`KTYPE="-k yes"`
			`fi`

			`# DHCP Server hostname`
			`#Server=$(hostname -s)`
			`Server=${DHCPSERVER}.${DHCPDOMAIN}`

			`# DNS domain`
			`#domain=$(hostname -d)`
			`domain=${DHCPDOMAIN}`
			`if [ -z "${domain}" ]`
			`then`
			`logger -s "Cannot obtain domain name, is DNS set up correctly?"`
			`logger -s "Cannot continue... Exiting."`
			`exit 1`
			`fi`

			`# Samba realm`
			`REALM="${domain^^}"`

			`# krbcc ticket cache`
			`export KRB5CCNAME="/tmp/dhcp-dyndns.cc"`

			`# Kerberos principal`
			`SETPRINCIPAL="${DHCPDNSADM}@${REALM}"`
			`# Kerberos keytab as above`
			`# krbcc ticket cache : /tmp/dhcp-dyndns.cc`
			`#TESTUSER="$($WBINFO -u \| grep $DHCPDNSADM)"`
			`#if [ -z "${TESTUSER}" ]`
			`#then`
			`# logger -s "No AD dhcp user exists, need to create it first.. exiting."`
			`# logger -s "you can do this by typing the following commands"`
			`# logger -s "kinit Administrator@${REALM}"`
			`# logger -s "$SAMBATOOL user create $DHCPDNSADM --random-password --description='Unprivileged user for DNS updates via ISC DHCP server'"`
			`# logger -s "$SAMBATOOL user setexpiry $DHCPDNSADM --noexpiry"`
			`# logger -s "$SAMBATOOL group addmembers DnsAdmins $DHCPDNSADM"`
			`# exit 1`
			`#fi`

			`# Check for Kerberos keytab`
			`if [ ! -f /etc/$DHCPDNSADM.keytab ]`
			`then`
			`logger -s "Required keytab $keytab not found, it needs to be created."`
			`logger -s "Use the following commands as root"`
			`logger -s "$SAMBATOOL domain exportkeytab --principal=${SETPRINCIPAL} $keytab"`
			`logger -s "chown XXXX:XXXX $keytab"`
			`logger -s "Replace 'XXXX:XXXX' with the user & group that dhcpd runs as on your distro"`
			`logger -s "chmod 400 $keytab"`
			`exit 1`
			`fi`

			`# Variables supplied by dhcpd.conf`
			`action="$1"`
			`DHCID="$3"`
			`name="${4%%.*}"`
			`if [ "$5" = "-IPv6-" ]; then`
			`ip=$(ipv6_short_to_long $2)`
			`AorAAAA="AAAA"`
			`else`
			`ip="$2"`
			`AorAAAA="A"`
			`fi`

			`# Exit if no ip address`
			`if [ -z "${ip}" ]`
			`then`
			`usage`
			`exit 1`
			`fi`

			`# Exit if no computer name supplied, unless the action is 'delete'`
			`if [ -z "${name}" ]`
			`then`
			`if [ "${action}" = "delete" ]`
			`then`
			`name=$(host -t PTR "${ip}" \| awk '{print $NF}' \| awk -F '.' '{print $1}')`
			`else`
			`usage`
			`exit 1`
			`fi`
			`fi`

			`# exit if name contains a space`
			`case ${name} in`
			`\ )`
			`logger -s "Invalid hostname '${name}' ...Exiting"`
			`exit`
			`;;`
			`esac`

			`# if you want computers with a hostname that starts with 'dhcp' in AD`
			`# comment the following block of code.`
			`if [[ $name == dhcp* ]]`
			`then`
			`logger -s "not updating DNS record in AD, invalid name"`
			`exit 0`
			`fi`

			`## update ##`
			`case "${action}" in`
			`add)`
			`_KERBEROS`
			`count=0`
			`# does host have an existing 'A' record ?`
			`A_REC=$($SAMBATOOL dns query "${Server}" "${domain}" "${name}" $AorAAAA "$KTYPE" 2>/dev/null \| grep "$AorAAAA:" \| awk '{print $2}')`
			`# turn A_REC into an array`
			`A_REC=("$A_REC")`
			`if [ "${#A_REC[@]}" -eq 0 ]`
			`then`
			`# no A record to delete`
			`result1=0`
			`$SAMBATOOL dns add "${Server}" "${domain}" "${name}" $AorAAAA "${ip}" "$KTYPE"`
			`result2="$?"`
			`elif [ "${#A_REC[@]}" -gt 1 ]`
			`then`
			`for i in "${A_REC[@]}"`
			`do`
			`$SAMBATOOL dns delete "${Server}" "${domain}" "${name}" $AorAAAA "${i}" "$KTYPE"`
			`done`
			`# all A records deleted`
			`result1=0`
			`$SAMBATOOL dns add "${Server}" "${domain}" "${name}" $AorAAAA "${ip}" "$KTYPE"`
			`result2="$?"`
			`elif [ "${#A_REC[@]}" -eq 1 ]`
			`then`
			`# turn array into a variable`
			`VAR_A_REC="${A_REC[*]}"`
			`if [ "$VAR_A_REC" = "${ip}" ]`
			`then`
			`# Correct A record exists, do nothing`
			`logger -s "Correct '$AorAAAA' record exists, not updating."`
			`result1=0`
			`result2=0`
			`count=$((count+1))`
			`elif [ "$VAR_A_REC" != "${ip}" ]`
			`then`
			`# Wrong A record exists`
			`logger -s "'$AorAAAA' record changed, updating record."`
			`$SAMBATOOL dns delete "${Server}" "${domain}" "${name}" $AorAAAA "${VAR_A_REC}" "$KTYPE"`
			`result1="$?"`
			`$SAMBATOOL dns add "${Server}" "${domain}" "${name}" $AorAAAA "${ip}" "$KTYPE"`
			`result2="$?"`
			`fi`
			`fi`

			`# get existing reverse zones (if any)`
			`ReverseZones=$($SAMBATOOL dns zonelist "${Server}" "$KTYPE" --reverse \| grep 'pszZoneName' \| awk '{print $NF}')`
			`if [ -z "$ReverseZones" ]; then`
			`logger -s "No reverse zone found, not updating"`
			`result3='0'`
			`result4='0'`
			`count=$((count+1))`
			`else`
			`for revzone in $ReverseZones`
			`do`
			`rev_zone_info "$revzone" "${ip}" "${AorAAAA}"`
			`if [[ ${ip} = $ZoneIP* ]] && [ "$ZoneIP" = "$RZIP" ]`
			`then`
			`# does host have an existing 'PTR' record ?`
			`PTR_REC=$($SAMBATOOL dns query "${Server}" "${revzone}" "${IP2add}" PTR "$KTYPE" 2>/dev/null \| grep 'PTR:' \| awk '{print $2}' \| awk -F '.' '{print $1}')`
			`if [[ -z $PTR_REC ]]`
			`then`
			`# no PTR record to delete`
			`result3=0`
			`$SAMBATOOL dns add "${Server}" "${revzone}" "${IP2add}" PTR "${name}"."${domain}" "$KTYPE"`
			`result4="$?"`
			`break`
			`elif [ "$PTR_REC" = "${name}" ]`
			`then`
			`# Correct PTR record exists, do nothing`
			`logger -s "Correct 'PTR' record exists, not updating."`
			`result3=0`
			`result4=0`
			`count=$((count+1))`
			`break`
			`elif [ "$PTR_REC" != "${name}" ]`
			`then`
			`# Wrong PTR record exists`
			`# points to wrong host`
			`logger -s "'PTR' record changed, updating record."`
			`$SAMBATOOL dns delete "${Server}" "${revzone}" "${IP2add}" PTR "${PTR_REC}"."${domain}" "$KTYPE"`
			`result3="$?"`
			`$SAMBATOOL dns add "${Server}" "${revzone}" "${IP2add}" PTR "${name}"."${domain}" "$KTYPE"`
			`result4="$?"`
			`break`
			`fi`
			`else`
			`continue`
			`fi`
			`done`
			`fi`
			`;;`
			`delete)`
			`_KERBEROS`

			`count=0`
			`name=$(host -t PTR "${ip}" \| sed 's/.\+pointer \([^.]\+\).\+$/\1/')`
			`$SAMBATOOL dns delete "${Server}" "${domain}" "${name}" $AorAAAA "${ip}" "$KTYPE"`
			`result1="$?"`
			`# get existing reverse zones (if any)`
			`ReverseZones=$($SAMBATOOL dns zonelist "${Server}" --reverse "$KTYPE" \| grep 'pszZoneName' \| awk '{print $NF}')`
			`if [ -z "$ReverseZones" ]`
			`then`
			`logger -s "No reverse zone found, not updating"`
			`result2='0'`
			`count=$((count+1))`
			`else`
			`for revzone in $ReverseZones`
			`do`
			`rev_zone_info "$revzone" "${ip}" "${AorAAAA}"`
			`if [[ ${ip} = $ZoneIP* ]] && [ "$ZoneIP" = "$RZIP" ]`
			`then`
			`host -t PTR "${ip}" > /dev/null 2>&1`
			`ret="$?"`
			`if [ $ret -eq 0 ]`
			`then`
			`$SAMBATOOL dns delete "${Server}" "${revzone}" "${IP2add}" PTR "${name}"."${domain}" "$KTYPE"`
			`result2="$?"`
			`else`
			`result2='0'`
			`count=$((count+1))`
			`fi`
			`break`
			`else`
			`continue`
			`fi`
			`done`
			`fi`
			`result3='0'`
			`result4='0'`
			`;;`
			`*)`
			`logger -s "Invalid action specified"`
			`exit 103`
			`;;`
			`esac`

			`result="${result1}:${result2}:${result3}:${result4}"`

			`if [ "$count" -eq 0 ]`
			`then`
			`if [ "${result}" != "0:0:0:0" ]`
			`then`
			`logger -s "DHCP-DNS $action failed: ${result}"`
			`exit 1`
			`else`
			`logger -s "DHCP-DNS $action succeeded"`
			`fi`
			`fi`

			`if [ "$Add_macAddress" != 'no' ]`
			`then`
			`if [ -n "$DHCID" ]`
			`then`
			`Computer_Object=$(ldbsearch "$KTYPE" -H ldap://"$Server" "(&(objectclass=computer)(objectclass=ieee802Device)(cn=$name))" \| grep -v '#' \| grep -v 'ref:')`
			`if [ -z "$Computer_Object" ]`
			`then`
			`# Computer object not found with the 'ieee802Device' objectclass, does the computer actually exist, it should.`
			`Computer_Object=$(ldbsearch "$KTYPE" -H ldap://"$Server" "(&(objectclass=computer)(cn=$name))" \| grep -v '#' \| grep -v 'ref:')`
			`if [ -z "$Computer_Object" ]`
			`then`
			`logger -s "Computer '$name' not found. Exiting."`
			`exit 68`
			`else`
			`DN=$(echo "$Computer_Object" \| grep 'dn:')`
			`objldif="$DN`
			`changetype: modify`
			`add: objectclass`
			`objectclass: ieee802Device"`

			`attrldif="$DN`
			`changetype: modify`
			`add: macAddress`
			`macAddress: $DHCID"`

			`# add the ldif`
			`echo "$objldif" \| ldbmodify "$KTYPE" -H ldap://"$Server"`
			`ret="$?"`
			`if [ $ret -ne 0 ]`
			`then`
			`logger -s "Error modifying Computer objectclass $name in AD."`
			`exit "${ret}"`
			`fi`
			`sleep 2`
			`echo "$attrldif" \| ldbmodify "$KTYPE" -H ldap://"$Server"`
			`ret="$?"`
			`if [ "$ret" -ne 0 ]; then`
			`logger -s "Error modifying Computer attribute $name in AD."`
			`exit "${ret}"`
			`fi`
			`unset objldif`
			`unset attrldif`
			`logger -s "Successfully modified Computer $name in AD"`
			`fi`
			`else`
			`DN=$(echo "$Computer_Object" \| grep 'dn:')`
			`attrldif="$DN`
			`changetype: modify`
			`replace: macAddress`
			`macAddress: $DHCID"`

			`echo "$attrldif" \| ldbmodify "$KTYPE" -H ldap://"$Server"`
			`ret="$?"`
			`if [ "$ret" -ne 0 ]`
			`then`
			`logger -s "Error modifying Computer attribute $name in AD."`
			`exit "${ret}"`
			`fi`
			`unset attrldif`
			`logger -s "Successfully modified Computer $name in AD"`
			`fi`
			`fi`
			`fi`

			`exit 0`