samba_dnsupdate do not work, error Check your Kerberos ticket, it may have expired.
Matthieu Patou
mat at samba.org
Tue Oct 26 08:02:44 MDT 2010
Hi rohit,
> here is the full error
>
> DC2
> [Tue Oct 19 13:56:21 2010 IST, 0
> ../../lib/util/util_runcmd.c:288:samba_runcmd_io_handler()]
> /usr/local/samba/sbin/samba_dnsupdate: Check your Kerberos ticket, it
> may have expired.
>
> DC1
>
> [Tue Oct 19 12:54:45 2010 IST, 0
> ../dsdb/repl/drepl_notify.c:218:dreplsrv_notify_op_callback()]
> dreplsrv_notify: Failed to send DsReplicaSync to
> 6ed1db01-415f-4499-9475-2a63c8a834b2._msdcs.xxx.com for
> CN=Configuration,DC=xxx,DC=com - NT_STATUS_IO_TIMEOUT : WERR_SEM_TIMEOUT
>
Have you made an upgradeprovision --full since ~20 of september 2010,
I'm pretty sure yes. If so then you have now two objects with the same
DNS/realm serviceprincialname. If my guess is true then your s4 server
can't authenticate against this spn as you have 2 different possible
password against which it can authenticate and of course it didn't know
which one.
Just to confirm can you do:
ldbsearch -H ldap://localhost '(servicePrincipalName=DNS*)' and paste
the result.
If you have two users then you'll have to wait for my fixes in my
upgradeprovision branch to come to mainstream (soon I hope) so that you
can run upgradeprovision --full in order to fix it.
Matthieu.
--
Matthieu Patou
Samba Team http://samba.org
Private repo http://git.samba.org/?p=mat/samba.git;a=summary
More information about the samba-technical
mailing list