Internal DNS update error
Andrew Bartlett
abartlet at samba.org
Fri Sep 28 15:41:21 MDT 2012
On Fri, 2012-09-28 at 14:48 +0200, steve wrote:
> Hi
> With the internal DNS server I keep getting this as of today:
> samba --version
> Version 4.1.0pre1-GIT-a6be8a9
>
> Got a dns update request.
> Update not allowed for unsigned packet.
> Kerberos: TGS-REQ hh20$@HH3.SITE from ipv4:192.168.1.45:1086 for
> DNS/hh1.hh3.site at HH3.SITE [renewable, forwardable]
> Kerberos: TGS-REQ authtime: 2012-09-28T14:41:04 starttime:
> 2012-09-28T14:41:55 endtime: 2012-09-29T00:41:04 renew till:
> 2012-10-05T14:41:04
> GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see
> text): Decrypt integrity check failed
> SPNEGO(gssapi_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
> SPNEGO login failed: NT_STATUS_LOGON_FAILURE
> GSS key negotiation returned NT_STATUS_LOGON_FAILURE
>
> I switched back to bind and it was OK.
>
> Here is the [Global] in smb.conf for the internal DNS server:
> s
> [global]
> workgroup = MARINA
> realm = hh3.site
> netbios name = HH1
> # server services = -dns
> interfaces = 192.168.1.2
> dns forwarder = 192.168.1.1
> server role = active directory domain controller
> passdb backend = samba4
> idmap_ldb:use rfc2307 = Yes
>
> Am I missing a config line here?
Have you run samba_upgradedns?
This will look at your server services line and either create or delete
the dns-hh1 account as required.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical
mailing list