[Samba] Samba 4.7.2 + bind on Fedora 27: samba_dlz: spnego update failed
Rowland Penny
rpenny at samba.org
Mon Dec 4 16:02:33 UTC 2017
On Mon, 04 Dec 2017 16:31:16 +0100
Dario Lesca via samba <samba at lists.samba.org> wrote:
> On Mon, 04/12/2017 at 16.00 +0100, Dario Lesca via samba wrote:
> > The samba command
> >
> > samba_dnsupdate --verbose --all-names --fail-immediately
> >
> > does not work
>
> I have added '-d 9' to the dlz section
>
> dlz "AD DNS Zone" {
>     # For BIND 9.11.x
>     database "dlopen /usr/lib64/samba/bind9/dlz_bind9_11.so -d 9";
> };
>
> And this is the debug message:
>
> [root@server-addc ~]# samba_dnsupdate --all-names --fail-immediately
> update failed: REFUSED
>
> dic 04 16:25:21 server-addc.dogma-to.loc named[1121]: samba_dlz: starting transaction on zone dogma-to.loc
> dic 04 16:25:21 server-addc.dogma-to.loc named[1121]: samba_dlz: Starting GENSEC mechanism spnego
> dic 04 16:25:21 server-addc.dogma-to.loc named[1121]: samba_dlz: Starting GENSEC submechanism gssapi_krb5
> dic 04 16:25:21 server-addc.dogma-to.loc named[1121]: samba_dlz: GSS server Update(krb5)(1) Update failed: Unspecified GSS failure. Minor code may provide more information: Request is a replay
> dic 04 16:25:21 server-addc.dogma-to.loc named[1121]: samba_dlz: spnego update failed
> dic 04 16:25:21 server-addc.dogma-to.loc named[1121]: client @0x7fafe90c3400 192.168.41.1#57335/key SERVER-ADDC\$\@DOGMA-TO.LOC: updating zone 'dogma-to.loc/NONE': update failed: rejected by secure update (REFUSED)
> dic 04 16:25:21 server-addc.dogma-to.loc named[1121]: samba_dlz: cancelling transaction on zone dogma-to.loc
>
> Can this help us?
>
> Thanks
>
The significant word there is 'replay'.
See here:
https://lists.samba.org/archive/samba/2017-November/211990.html
Rowland