[Samba] Samba with Mit-krb5, update ddns fails
luckydog xf
luckydogxf at gmail.com
Fri Sep 29 09:08:23 UTC 2017
hi,
I built samba v4.7.0 with Mit-krb5-1.15.2-x86-64 (and also tried with
Mit-krb5-1.15.1-x86-86), and everything works fine.
But when a Windows 7 client joins the AD, a new DNS A record should be added to
DNS (Bind), but it fails.
I tested with the administrator account and its ticket.
====================================
[root@pdc samba]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@AD.PTHL.HK

Valid starting       Expires              Service principal
09/29/2017 16:05:25  09/30/2017 02:05:25  krbtgt/AD.PTHL.HK@AD.PTHL.HK
        renew until 09/30/2017 16:05:15
09/29/2017 16:05:37  09/30/2017 02:05:25  DNS/pdc.ad.pthl.hk@AD.PTHL.HK
        renew until 09/30/2017 16:05:15
=====================================
and run
=================================
nsupdate -g -d -L 9 -v<< UPDATE
server pdc.ad.pthl.hk
realm AD.PTHL.HK
update add test.ad.pthl.hk 3600 A 172.16.232.199
send
UPDATE
========================
Here is /var/log/message:
Sep 29 16:34:42 pdc named[1332]: samba_dlz: starting transaction on zone ad.pthl.hk
Sep 29 16:34:42 pdc named[1332]: samba_dlz: GSS server Update(krb5)(1) Update failed: Unspecified GSS failure. Minor code may provide more information: Request is a replay
Sep 29 16:34:42 pdc named[1332]: samba_dlz: spnego update failed
Sep 29 16:34:42 pdc named[1332]: client 172.16.232.204#43318/key administrator\@AD.PTHL.HK: updating zone 'ad.pthl.hk/NONE': update failed: rejected by secure update (REFUSED)
Sep 29 16:34:42 pdc named[1332]: samba_dlz: cancelling transaction on zone ad.pthl.hk
=================================================
The same thing is done without any error by Samba V4.7.0 with built-in
Heimdal-Krb5. So I guess there is something wrong with samba and mit-krb5.
Can someone offer me any suggestions?
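
An added example, not part of the original post: a small Python triage script that correlates each cancelled samba_dlz transaction in a named log with its GSS error and the refused client. The sample input is the post's log entries, unwrapped to one per line; the function and field names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: the log entries from the post, unwrapped to one per line.
SAMPLE_LOG = """\
Sep 29 16:34:42 pdc named[1332]: samba_dlz: starting transaction on zone ad.pthl.hk
Sep 29 16:34:42 pdc named[1332]: samba_dlz: GSS server Update(krb5)(1) Update failed: Unspecified GSS failure. Minor code may provide more information: Request is a replay
Sep 29 16:34:42 pdc named[1332]: samba_dlz: spnego update failed
Sep 29 16:34:42 pdc named[1332]: client 172.16.232.204#43318/key administrator\\@AD.PTHL.HK: updating zone 'ad.pthl.hk/NONE': update failed: rejected by secure update (REFUSED)
Sep 29 16:34:42 pdc named[1332]: samba_dlz: cancelling transaction on zone ad.pthl.hk
"""

START = re.compile(r"samba_dlz: starting transaction on zone (\S+)")
GSS = re.compile(r"samba_dlz: GSS server Update\((\w+)\)\(\d+\) Update failed: "
                 r"(.+?)\.\s+Minor code may provide more information: (.+)$")
REFUSED = re.compile(r"client (\S+)#\d+/key (\S+): updating zone '([^']+)': "
                     r"update failed: rejected by secure update \(REFUSED\)")
CANCEL = re.compile(r"samba_dlz: cancelling transaction on zone (\S+)")


def triage(log_text):
    """Correlate each cancelled samba_dlz transaction with its GSS error and client."""
    records, cur = [], None
    for line in log_text.splitlines():
        if m := START.search(line):
            cur = {"zone": m.group(1), "mech": None, "gss_major": None,
                   "gss_minor": None, "client": None, "principal": None}
        elif cur is None:
            continue  # entry outside any transaction
        elif m := GSS.search(line):
            cur["mech"], cur["gss_major"], cur["gss_minor"] = m.groups()
        elif m := REFUSED.search(line):
            cur["client"] = m.group(1)
            # The log shows the '@' of the key name with a backslash escape.
            cur["principal"] = m.group(2).replace("\\@", "@")
        elif CANCEL.search(line):
            records.append(cur)
            cur = None
    return records


def minor_code_counts(records):
    """Count failures per GSS minor-code message, to spot a recurring cause."""
    return Counter(r["gss_minor"] for r in records if r["gss_minor"])


if __name__ == "__main__":
    recs = triage(SAMPLE_LOG)
    for r in recs:
        print(r)
    print(minor_code_counts(recs))
```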