[Samba] Samba 4 kinit: cannot contact any KDC in requested realm // TSIG error

Markus Schaufler m.schaufler.ms at gmail.com
Sat Jan 19 07:14:49 MST 2013 

I had freshly installed an Ubuntu Server 12.04lts and Samba 4.0.1 using the
internal DNS.
I followed the official HowTo until "kinit administrator at DOMAIN.LOCAL"
It didn't work (cannot contact any kdc...)

A "netstat" showed that "avahi-daemon" was running at:
807/avahi-daemon: r
udp        0      0 10.0.0.20:389           0.0.0.0:*

After removing that package kinit worked.
Removing "avahi-daemon" (a type of zeroconf?) deletes also
"libnss-mdns"...I hope, Samba doesn't have any need of that package?

however "/usr/local/samba/sbin/samba_dnsupdate --verbose --all-names"
does not work!

[...]
; TSIG error with server: tsig verify failure
Failed nsupdate: 2
Calling nsupdate for SRV
_gc._tcp.default-first-site-name._sites.schau.local tuxsrv.schau.local 3268
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_gc._tcp.default-first-site-name._sites.schau.local. 900 IN SRV 0 100 3268
tuxsrv.schau.local.

; TSIG error with server: tsig verify failure
Failed nsupdate: 2
Failed update of 21 entries

------
[...]

Looking at record:
     discard_const(update): struct dns_res_rec
        name                     : '_gc._tcp.schau.local'
        rr_type                  : DNS_QTYPE_SRV (0x21)
        rr_class                 : DNS_QCLASS_IN (0x1)
        ttl                      : 0x00000384 (900)
        length                   : 0x001a (26)
        rdata                    : union dns_rdata(case 0x21)
        srv_record: struct dns_srv_record
            priority                 : 0x0000 (0)
            weight                   : 0x0064 (100)
            port                     : 0x0cc4 (3268)
            target                   : 'tuxsrv.schau.local'
        unexpected               : DATA_BLOB length=0
Tkey handshake completed
Got a dns update request.
update count is 1
Looking at record:
     discard_const(update): struct dns_res_rec
        name                     :
'_gc._tcp.default-first-site-name._sites.schau.local'
        rr_type                  : DNS_QTYPE_SRV (0x21)
        rr_class                 : DNS_QCLASS_IN (0x1)
        ttl                      : 0x00000384 (900)
        length                   : 0x001a (26)
        rdata                    : union dns_rdata(case 0x21)
        srv_record: struct dns_srv_record
            priority                 : 0x0000 (0)
            weight                   : 0x0064 (100)
            port                     : 0x0cc4 (3268)
            target                   : 'tuxsrv.schau.local'
        unexpected               : DATA_BLOB length=0

In a seperate installation with external BIND (9.8.1) I don't get these
errors...

Markus

More information about the samba mailing list