[Samba] BIND-DLZ refuses to update
Matthieu Patou
mat at samba.org
Mon Oct 1 23:14:57 MDT 2012
On 09/29/2012 03:26 AM, Andrew Bartlett wrote:
> On Sat, 2012-09-29 at 14:06 +0400, Dmitry Khromov wrote:
>> On Sat, 29 Sep 2012 13:21:21 +1000
>> Andrew Bartlett <abartlet at samba.org> wrote:
>>
>>> The only suggestion I have here is to try turning up the debug level in
>>> the smb.conf
>>> named[12365]: client 192.168.1.32#1039: view realdns: update 'klin.kifato-mk.com/IN' denied
>> Excuse me, should had it done in the first place.
>> # sbin/samba -d 10 -i -M single 2> /tmp/smb_err.log | tee /tmp/smb_stdout.log
>> ...
>> Kerberos: TGS-REQ authtime: 2012-09-29T13:39:44 starttime: 2012-09-29T13:39:47 endtime: 2012-09-29T23:39:44 renew till: unset
>> Received krb5 UDP packet of length 160 from ipv4:192.168.1.31:53550
>> Received KDC packet of length 156 from ipv4:192.168.1.31:53550
>> Kerberos: AS-REQ named at KLIN.KIFATO-MK.COM from ipv4:192.168.1.31:53550 for krbtgt/KLIN.KIFATO-MK.COM at KLIN.KIFATO-MK.COM
>
>> Kerberos: UNKNOWN -- named at KLIN.KIFATO-MK.COM: no such entry found in hdb
>> /usr/local/samba/sbin/samba_dnsupdate: dns_tkey_negotiategss: TKEY is unacceptable
> For some unknown reason nsupdate is attempting to get a ticket as user
> 'named'. This is why it fails.
What's the result of a SOA search on your domain name ? (ie. host -t SOA
klin.kiato-mk.com) ?
It seems that nsupdate use the MNAME result (the first word in the
result) as the principal for which it should get a ticket.
Matthieu
--
Matthieu Patou
Samba Team
http://samba.org
More information about the samba
mailing list