samba_dnsupdate: Server not found in Kerberos database. [SOLVED]
Tobias
samba-technical at firefotz.de
Mon Dec 2 17:21:15 MST 2013
Hi,
I've finally solved the problem by adding a DNS-Record without
host-name. I don't know if it's the right way to do it, but it worked:

dn: CN=dns-tau,CN=Users,DC=bavaria,DC=lan
changetype: modify
add: servicePrincipalName
servicePrincipalName: DNS/bavaria.lan

Sorry to have bothered you
Ciao
Tobias
On 12/02/2013 10:46 PM, Tobias wrote:
> Hi,
>
> I'm setting up Samba4 using BIND9_DLZ as dns-backend. However if I start
> samba I get the message (multiple times):
>
> /usr/sbin/samba_dnsupdate: tkey query failed: GSSAPI error: Major =
> Unspecified GSS failure. Minor code may provide more information, Minor
> = Server not found in Kerberos database.
> ../source4/dsdb/dns/dns_update.c:294: Failed DNS update -
> NT_STATUS_DISK_FULL
>
> The Versions I use are:
>
> Samba: 4.0.12-SerNet-Debian-8.squeeze
> Bind9: 9.8.4-rpz2+rl005.12-P1
>
> Help would be appreciated :) - Thank you
>
> But now for some more Information
>
>
> If I run 'samba_dnsupdate -d15 --fail-immediately --all-names' the last
> output is:
>
> ldb: Running timer event 0x94ba580 "ltdb_callback"
>
> ldb: ldb_trace_response: ENTRY
> dn: flatname=BAVARIA,cn=Primary Domains
> msDS-KeyVersionNumber: 1
> objectClass: top
> objectClass: primaryDomain
> objectClass: kerberosSecret
> objectSid: S-1-5-21-1650449081-3089633644-1615261580
> privateKeytab: secrets.keytab
> realm: BAVARIA.LAN
> saltPrincipal: host/tau.bavaria.lan at BAVARIA.LAN
> samAccountName: TAU$
> secret: i&6 * snip *
> secureChannelType: 6
> servicePrincipalName: HOST/tau
> servicePrincipalName: HOST/tau.bavaria.lan
> objectGUID: 568914e7-7607-446d-8555-dfbe56415861
> whenCreated: 20131202175337.0Z
> whenChanged: 20131202175337.0Z
> uSNCreated: 7
> uSNChanged: 7
> name: BAVARIA
> flatname: BAVARIA
> distinguishedName: flatname=BAVARIA,cn=Primary Domains
>
> ldb: Destroying timer event 0x93d5c68 "ltdb_timeout"
>
> ldb: Ending timer event 0x94ba580 "ltdb_callback"
>
> tkey query failed: GSSAPI error: Major = Unspecified GSS failure.
> Minor code may provide more information, Minor = Server not found in
> Kerberos database.
>
> The following commands seem to work if I invoke them manually:
>
> kinit -t /var/lib/samba/private/secrets.keytab -S
> "DNS/tau.BAVARIA.LAN at BAVARIA.LAN" TAU\$@BAVARIA.LA
> kinit -t /var/lib/samba/private/dns.keytab dns-tau
>
> Here is some further output of commands I tried:
>
> # samba-tool spn list dns-tau
>
> User CN=dns-tau,CN=Users,DC=bavaria,DC=lan has the following
> servicePrincipalName:
> DNS/tau.bavaria.lan
>
> # ldapsearch servicePrincipalName=DNS/tau.bavaria.lan
>
> dn: CN=dns-tau,CN=Users,DC=bavaria,DC=lan
> objectClass: organizationalPerson
> objectClass: user
> instanceType: 4
> uSNCreated: 3601
> name: dns-tau
> objectGUID:: TlMjfFFDpUSM+L8vWq6jkA==
> userAccountControl: 512
> badPwdCount: 0
> codePage: 0
> countryCode: 0
> badPasswordTime: 0
> lastLogoff: 0
> lastLogon: 0
> pwdLastSet: 130304801060000000
> primaryGroupID: 513
> objectSid:: AQUAAAAAAAUVAAAAudpfYmwRKLiM70ZgNQgAAA==
> accountExpires: 9223372036854775807
> logonCount: 0
> sAMAccountName: dns-tau
> sAMAccountType: 805306368
> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=bavaria,DC=lan
> isCriticalSystemObject: TRUE
> servicePrincipalName: DNS/tau.bavaria.lan
> whenChanged: 20131202201825.0Z
> uSNChanged: 3771
> distinguishedName: CN=dns-tau,CN=Users,DC=bavaria,DC=lan
>
> # dig tau.bavaria.lan
>
> tau.bavaria.lan. 1200 IN A 10.10.0.1
>
> # dig ptr 1.0.10.10.in-addr.arpa
>
> 1.0.10.10.in-addr.arpa. 1200 IN PTR tau.bavaria.lan.
>
> The SOA-Line of my zone-file is:
>
> bavaria.lan IN SOA bavaria.lan. tau.bavaria.lan.
>
> Thank you for your help
>
> Tobias
>
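
Added example, not part of the original messages: a Python check that reads the zone's SOA line and the account's servicePrincipalName values as posted above and reports which DNS/ principal is unregistered. It assumes the GSS-TSIG client requests a ticket for DNS/<SOA primary name>, which matches the fix in the reply; the function names are made up for this example.

```python
import base64
import re

# Values copied from the messages above (LDIF trimmed to the relevant lines).
SOA_LINE = "bavaria.lan IN SOA bavaria.lan. tau.bavaria.lan."
SPN_LDIF = """\
dn: CN=dns-tau,CN=Users,DC=bavaria,DC=lan
servicePrincipalName: DNS/tau.bavaria.lan
"""
FIX_LDIF = """\
dn: CN=dns-tau,CN=Users,DC=bavaria,DC=lan
changetype: modify
add: servicePrincipalName
servicePrincipalName: DNS/bavaria.lan
"""

def soa_mname(soa_line):
    """Return the primary-server field (MNAME) of a zone-file SOA line."""
    fields = soa_line.split()
    try:
        mname = fields[[f.upper() for f in fields].index("SOA") + 1]
    except (ValueError, IndexError):
        raise ValueError("not an SOA record: %r" % soa_line)
    return mname.rstrip(".").lower()

def spns_from_ldif(ldif):
    """Collect servicePrincipalName values (lower-cased) from LDIF text."""
    spns = set()
    for line in re.sub(r"\n ", "", ldif).splitlines():  # unfold continuations
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "serviceprincipalname":
            continue
        if value.startswith(":"):  # "::" marks a base64-encoded value
            value = base64.b64decode(value[1:].strip()).decode()
        spns.add(value.strip().lower())  # SPN lookup is case-insensitive
    return spns

def missing_dns_spn(soa_line, *ldifs):
    """Return the DNS/<MNAME> principal if no LDIF registers it, else None."""
    mname = soa_mname(soa_line)  # assumption: the client targets this name
    have = set()
    for ldif in ldifs:
        have |= spns_from_ldif(ldif)
    return None if "dns/" + mname in have else "DNS/" + mname

if __name__ == "__main__":
    print("before fix, missing:", missing_dns_spn(SOA_LINE, SPN_LDIF))
    print("after fix, missing:", missing_dns_spn(SOA_LINE, SPN_LDIF, FIX_LDIF))
```

With a SOA line whose primary name is tau.bavaria.lan. the same check reports nothing missing, since DNS/tau.bavaria.lan was already registered.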