[Samba] BIND-DLZ refuses to update
Andrew Bartlett
abartlet at samba.org
Sat Sep 29 04:26:01 MDT 2012
On Sat, 2012-09-29 at 14:06 +0400, Dmitry Khromov wrote:
> On Sat, 29 Sep 2012 13:21:21 +1000
> Andrew Bartlett <abartlet at samba.org> wrote:
>
> > The only suggestion I have here is to try turning up the debug level in
> > the smb.conf
> > named[12365]: client 192.168.1.32#1039: view realdns: update 'klin.kifato-mk.com/IN' denied
>
> Excuse me, should had it done in the first place.
> # sbin/samba -d 10 -i -M single 2> /tmp/smb_err.log | tee /tmp/smb_stdout.log
> ...
> Kerberos: TGS-REQ authtime: 2012-09-29T13:39:44 starttime: 2012-09-29T13:39:47 endtime: 2012-09-29T23:39:44 renew till: unset
> Received krb5 UDP packet of length 160 from ipv4:192.168.1.31:53550
> Received KDC packet of length 156 from ipv4:192.168.1.31:53550
> Kerberos: AS-REQ named at KLIN.KIFATO-MK.COM from ipv4:192.168.1.31:53550 for krbtgt/KLIN.KIFATO-MK.COM at KLIN.KIFATO-MK.COM
> Kerberos: UNKNOWN -- named at KLIN.KIFATO-MK.COM: no such entry found in hdb
> /usr/local/samba/sbin/samba_dnsupdate: dns_tkey_negotiategss: TKEY is unacceptable
For some unknown reason nsupdate is attempting to get a ticket as user
'named'. This is why it fails.
Now, of course you want to know why it does this, but as far as I can
see it's internal to BIND's nsupdate utility. For a number of reasons
we expect to replace this with a Samba-internal command/library soon,
but not before Samba 4.0.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba
mailing list