[Samba] DNS update errors after a second DC is added to domain
Roy Eastwood
spindles7 at gmail.com
Mon Feb 26 21:18:31 UTC 2018
Hi,
I have a test system consisting of two samba 4.7.5 DCs and a member server based
on Gentoo 4.9.76-gentoo-r1. Both servers are using SAMBA_INTERNAL DNS.
When I added the second DC to the domain, the join went OK with no errors
reported, but the log shows errors relating to dns updates and the SRV records
etc. for the new DC have not been created. Running samba_dnsupdate on the new
DC results in "Failed update of 26 entries", all with NOTAUTH(BADSIG) errors
(also TSIG errors, but I understand that's to be expected as the internal dns
server doesn't support TSIG).
The log on the original DC shows these errors:
[2018/02/26 21:08:10.634806, 1] ../auth/kerberos/gssapi_helper.c:388(gssapi_check_packet)
  GSS VerifyMic failed: A token had an invalid MIC: unknown mech-code 2529638943 for mech 1 2 840 113554 1 2 2
[2018/02/26 21:08:10.634820, 0] ../source4/auth/gensec/gensec_gssapi.c:1344(gensec_gssapi_check_packet)
  gssapi_check_packet(hdr_signing=0,sig_size=28,data=171,pdu=171) failed: NT_STATUS_ACCESS_DENIED
Any help trying to resolve this will be appreciated,
Roy