[Samba] TSIG failure

Garming Sam garming at catalyst.net.nz
Thu Jul 21 12:18:12 UTC 2016


Hi,

I've been looking into a similar-sounding issue, which I think is a 
regression in 4.3. (Amazingly, there are so few people with mixed domains, 
probably in particular ones which require joining additional DCs at some 
later point.)

I may be able to provide more information soon, but this might be the 
culprit commit:
https://git.samba.org/?p=samba.git;a=commit;h=e85ef1dbfef4b16c35cac80c0efc563d8cd1ba3e

When you start up Samba, do you see these debug messages during the 
initial samba_dnsupdate run?

GSS server Update(krb5)(1) Update failed:
Miscellaneous failure (see text): Failed to find 
SAMBA-BUIL$@2008R2.HOWTO.ABARTLET.NET(kvno 3) in keytab 
FILE:/tmp/private/secrets.keytab (aes256-cts-hmac-sha1-96)


Cheers,

Garming

On 20/07/2016 1:52 a.m., Dave Hawkes wrote:
> I'm attempting to join samba 4 (using latest 4.4 built from source) as 
> DC to an existing Win 2k8 server domain. The join works fine with no 
> errors and appears to be replicating fine. However the DNS is not 
> updated and I get the following error multiple times when running 
> samba_dnsupdate --all-names:
>
> TSIG error with server: tsig verify failure
>
> I've checked the time and all servers are synchronised, however if I 
> capture the temporary ticket that is produced for nsupdate the Service 
> principal is not the name of the samba 4 server but the name of one of 
> the Win 2k8 servers.
>
> When I check this on a test domain of purely samba 4 servers the 
> Service Principal is always the name of the server updating itself.
>
> I've tried both BIND_DLZ and INTERNAL DNS and they both give the same 
> error.
>
> Does anyone have any ideas what is going on?
>
> Thanks,
> Dave Hawkes
>
>
>



