samba_dnsupdate: Check your Kerberos ticket, it may have expired.

Michael Wood esiotrot at gmail.com
Thu Jan 17 08:38:16 MST 2013


Hi

I have been running Samba 4 since about alpha 11 or 12.  It's been upgraded
since then, but not yet to 4.0.1.  It's using the bind flat file DNS
backend which has been working fine so far, since I don't need to do any
DNS updates etc.

For testing purposes I've compiled 4.0.1 on a separate machine and restored
a backup of my live domain onto it.  I gather there might be issues with
the server name by doing this, but I'm not entirely sure.

I decided to try switching to the internal DNS backend, so I ran the
samba_upgradedns tool and it seemed to work, but there's no
_ldap._tcp.my.domain SRV record.

I tried running samba_dnsupdate --all-names --verbose, but it spews out a
bunch of errors suggesting that the Kerberos ticket might have expired.  I
tried running "samba-tool domain exportkeytab dns.keytab
--principal=DNS@my.domain" (and put the resulting file into samba's private
directory) but this did not have any noticeable effect.

So, what causes this sort of thing?  When and how is dns.keytab normally
generated?  Is dns.keytab the problem or am I barking up the wrong tree?
If dns.keytab is the problem, how do I fix it?

Thanks.

-- 
Michael Wood <esiotrot at gmail.com>


More information about the samba-technical mailing list