samba_dnsupdate do not work, error Check your Kerberos ticket, it may have expired.
Matthieu Patou
mat at samba.org
Tue Oct 19 03:57:17 MDT 2010
On 19/10/2010 12:30, Rohit Rajan wrote:
> here is the full error
>
> DC2
> [Tue Oct 19 13:56:21 2010 IST, 0
> ../../lib/util/util_runcmd.c:288:samba_runcmd_io_handler()]
> /usr/local/samba/sbin/samba_dnsupdate: Check your Kerberos ticket, it
> may have expired.
>
> DC1
>
> [Tue Oct 19 12:54:45 2010 IST, 0
> ../dsdb/repl/drepl_notify.c:218:dreplsrv_notify_op_callback()]
> dreplsrv_notify: Failed to send DsReplicaSync to
> 6ed1db01-415f-4499-9475-2a63c8a834b2._msdcs.xxx.com for
> CN=Configuration,DC=xxx,DC=com - NT_STATUS_IO_TIMEOUT : WERR_SEM_TIMEOUT
>
>
> On 10/19/2010 1:12 PM, Rohit Rajan wrote:
>> Hi all,
>>
>> I have recently added the additional domain controller to my samba 4
>> provision, the vampire went fine and the dc got vampired, but the
>> replication do not work, that is because i believe my dns do have the
>> entries for the second domain controller. the second domain
>> controller gives me error of "Check your Kerberos ticket, it may have
>> expired." according to the previous post of Robert Perschl, by adding
>> the tkey-gssapi-credential "DNS/my.realm";will resolve the issue but
>> i already have it in my named.conf. not sure where to look at.
>>
>> dc1
>> Centos5.5, pyhton 2.4, samba Version 4.0.0alpha14-GIT-cd04af7
>>
>> dc2
>> Ubuntu 10.04.1
>> Python 2.6.5
>> Version 4.0.0alpha14-GIT-1229935
What is the version of bind on both ?
Did you put some debug on the bind ?
Have you the default realm set on both krb5.conf of both server (in the
[libdefaults] section).
Matthieu
--
Matthieu Patou
Samba Team http://samba.org
More information about the samba-technical
mailing list