samba_dnsupdate do not work, error Check your Kerberos ticket, it may have expired.
Matthieu Patou
mat at samba.org
Tue Oct 19 05:59:40 MDT 2010
On 19/10/2010 15:05, Rohit Rajan wrote:
> Sorry i forgot to mention, i'm using the bind only on the DC1 and dc2
> is pointing to the dc1 bind server only.
>
> the bind version
> DC1
> BIND 9.7.2-P2 built with '--with-openssl' '--with-gssapi'
> '--enable-threads' '--disable-openssl-version-check'
>
Super good version
> DC2
> no bind
>
> yes the libdefaults sections on both the servers are set
>
> DC1
>
> [libdefaults]
> default_realm = XXX.COM
> dns_lookup_realm = false
> dns_lookup_kdc = false
> ticket_lifetime = 24h
> forwardable = yes
>
> DC2
> [libdefaults]
> dns_lookup_realm = true
> dns_lookup_kdc = true
> default_realm = XXX.COM
>
>
> samba 4 NTLMSSP NTLMV2 packet check failed due to invalid signature!
Where is it ? and for the bind I was thinking at something like:
logging {
channel update_debug {
file "/var/log/update-debug.log";
severity debug 10;
print-category yes;
print-severity yes;
print-time yes;
};
channel security_info {
file "/var/log/named-auth.info";
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
channel queries_info {
file "/var/log/named-queries.info";
severity debug 1;
print-category yes;
print-severity yes;
print-time yes;
};
//category client {update_debug; };
//category unmatched {update_debug; };
//category general {update_debug; };
//category dnssec {update_debug; };
//category update-security {update_debug; };
category update { update_debug; };
category security { security_info; };
category edns-disabled { null; };
category lame-servers { null;};
category queries { queries_info; };
};
In your /etc/bind/named.conf, can you also make a tcpdump trace between
your two servers and send it to me if you want more analysis.
Matthieu.
--
Matthieu Patou
Samba Team http://samba.org
More information about the samba-technical
mailing list