[Samba] DNS and DC replication clarification
Mircea Husz
mirceahusz at yahoo.com
Mon Mar 6 16:30:48 UTC 2017
All,
I configured two DCs (Samba version 4.5.5) replicating ad.corp.com in two sites (https://wiki.samba.org/index.php/Active_Directory_Sites).
Following the 'DNS configuration on Domain Controllers' section from this wiki:
https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory
If I configure nameserver DC1 to be the first resolver for DC2,
'samba_dnsupdate --verbose --all-names' fails with
'tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Server not found in Kerberos database.'
The failure makes sense because each DC has keys only for itself in dns.keytab, as shown by
'klist -k /usr/local/samba/private/dns.keytab'. It makes no sense functionally for one DC to update another's DNS directly.
Seems to me the failure from 'samba_dnsupdate --verbose --all-names' can be ignored when another DC's nameserver is listed first. Unless I'm missing something?
-Mike