Dynamic DNS Update - Check your Kerberos ticket, it may have expired.

Robert Perschl samba-list at xhul.de
Tue May 11 06:14:51 MDT 2010


Hi there,

the problem was solved with help form CmdrBrain from #samba-technical 
irc channel.

I had to add the following line into my /etc/bind/named.conf.options.

tkey-gssapi-credential "DNS/my.realm";

Thanks!
I hope that will help others.

Greetings,
Robert Perschl.

On 11.05.2010 11:58, Robert Perschl wrote:
>
> Hello Everyone,
>
> i have a problem with the current (yesterday) git releases of samba4 
> and bind9 (git-tridge) regarding dynamic dns updates.
>
> When i join a Windows Client in the fresh installed Active Directory i 
> don't get a DNS entry in Bind.
>
> Last Friday i asked about this problem on #samba-technical and got the 
> information, that i need a patched bind. After that a fetched the bind 
> sources from tridge. But i have the same problem again.
>
> To find the problem, i added a custom entry in dns_update_list and 
> startet "samba_dnsupdate --verbose" and got this result:
>
>     /Calling nsupdate for A w-pc190 192.168.2.190
>     Outgoing update query:
>     ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
>     ;; flags: ; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
>     ;; UPDATE SECTION:
>     w-pc190.        900    IN    A    192.168.2.190
>
>     Check your Kerberos ticket, it may have expired./
>
> Before running that command, i did a "kinit administrator at PETEX.SMB" 
> and a klist -e after that.
>
>     /Ticket cache: FILE:/tmp/krb5cc_0/
>     /Default principal: administrator at PETEX.SMB/
>
>     /Valid starting     Expires            Service principal/
>     /05/11/10 11:41:42  05/12/10 11:41:40 krbtgt/PETEX.SMB at PETEX.SMB/
>     /    Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5 /
>
> So here i am. Here some details about my stuff:
>
> My System:
> * Ubuntu 10.04 LTS x86_64 kernel-2.6.32-22
> * Samba4 (Samba 4.0.0alpha12-GIT-e4ce727)
> * bind9 (BIND 9.6.1-P2 from tridge)
>
> The Setup:
> I followed these instructions to setup my system.
> * http://wiki.samba.org/index.php/Samba4/HOWTO
>
> The samba4-machine is the only domain controller so far. There are no 
> Windows Servers involved. The test client is a Windows XP Pro 32-bit VM.
>
> Thanks in advance for your help.
>
> Kind regards,
> Robert Perschl.
>



More information about the samba-technical mailing list