samba_dnsupdate: Server not found in Kerberos database.
Tobias
samba-technical at firefotz.de
Mon Dec 2 14:46:48 MST 2013
Hi,
I'm setting up Samba4 using BIND9_DLZ as dns-backend. However, if I start
samba I get the message (multiple times):
/usr/sbin/samba_dnsupdate: tkey query failed: GSSAPI error: Major =
Unspecified GSS failure. Minor code may provide more information, Minor
= Server not found in Kerberos database.
../source4/dsdb/dns/dns_update.c:294: Failed DNS update -
NT_STATUS_DISK_FULL
The versions I use are:
Samba: 4.0.12-SerNet-Debian-8.squeeze
Bind9: 9.8.4-rpz2+rl005.12-P1
Help would be appreciated :) - Thank you
But now for some more information:
If I run 'samba_dnsupdate -d15 --fail-immediately --all-names' the last
output is:
ldb: Running timer event 0x94ba580 "ltdb_callback"
ldb: ldb_trace_response: ENTRY
dn: flatname=BAVARIA,cn=Primary Domains
msDS-KeyVersionNumber: 1
objectClass: top
objectClass: primaryDomain
objectClass: kerberosSecret
objectSid: S-1-5-21-1650449081-3089633644-1615261580
privateKeytab: secrets.keytab
realm: BAVARIA.LAN
saltPrincipal: host/tau.bavaria.lan@BAVARIA.LAN
samAccountName: TAU$
secret: i&6 * snip *
secureChannelType: 6
servicePrincipalName: HOST/tau
servicePrincipalName: HOST/tau.bavaria.lan
objectGUID: 568914e7-7607-446d-8555-dfbe56415861
whenCreated: 20131202175337.0Z
whenChanged: 20131202175337.0Z
uSNCreated: 7
uSNChanged: 7
name: BAVARIA
flatname: BAVARIA
distinguishedName: flatname=BAVARIA,cn=Primary Domains
ldb: Destroying timer event 0x93d5c68 "ltdb_timeout"
ldb: Ending timer event 0x94ba580 "ltdb_callback"
tkey query failed: GSSAPI error: Major = Unspecified GSS failure.
Minor code may provide more information, Minor = Server not found in
Kerberos database.
The following commands seem to work if I invoke them manually:
kinit -t /var/lib/samba/private/secrets.keytab -S "DNS/tau.BAVARIA.LAN@BAVARIA.LAN" TAU\$@BAVARIA.LA
kinit -t /var/lib/samba/private/dns.keytab dns-tau
Here is some further output of commands I tried:
# samba-tool spn list dns-tau
User CN=dns-tau,CN=Users,DC=bavaria,DC=lan has the following
servicePrincipalName:
DNS/tau.bavaria.lan
# ldapsearch servicePrincipalName=DNS/tau.bavaria.lan
dn: CN=dns-tau,CN=Users,DC=bavaria,DC=lan
objectClass: organizationalPerson
objectClass: user
instanceType: 4
uSNCreated: 3601
name: dns-tau
objectGUID:: TlMjfFFDpUSM+L8vWq6jkA==
userAccountControl: 512
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
pwdLastSet: 130304801060000000
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAAudpfYmwRKLiM70ZgNQgAAA==
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: dns-tau
sAMAccountType: 805306368
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=bavaria,DC=lan
isCriticalSystemObject: TRUE
servicePrincipalName: DNS/tau.bavaria.lan
whenChanged: 20131202201825.0Z
uSNChanged: 3771
distinguishedName: CN=dns-tau,CN=Users,DC=bavaria,DC=lan
# dig tau.bavaria.lan
tau.bavaria.lan. 1200 IN A 10.10.0.1
# dig ptr 1.0.10.10.in-addr.arpa
1.0.10.10.in-addr.arpa. 1200 IN PTR tau.bavaria.lan.
The SOA-Line of my zone-file is:
bavaria.lan IN SOA bavaria.lan. tau.bavaria.lan.
Thank you for your help
Tobias