[Samba] DNS Update Failed

Marcio Demetrio Bacci marciobacci at gmail.com
Sat Aug 3 12:31:44 UTC 2019 

Hi

I disabled even the windows server firewall to see if this is what it was
blocking, but it didn't solve it.

There appear to be Kerberos key errors, but the kinit administrator command
works correctly.

/usr/sbin/samba_dnsupdate:; TSIG error with server: tsig verify failure

Regards,

Márcio Bacci

Em sex, 2 de ago de 2019 às 15:51, Marcio Demetrio Bacci <
marciobacci at gmail.com> escreveu:

> Hi
>
> I believe I am having DNS upgrade issues, as noticed below:
>
>  /etc/init.d/samba-ad-dc status
> ● samba-ad-dc.service - Samba AD Daemon
>    Loaded: loaded (/lib/systemd/system/samba-ad-dc.service; enabled;
> vendor preset: enabled)
>    Active: active (running) since Fri 2019-08-02 10:04:24 -03; 5h 20min ago
>      Docs: man:samba(8)
>            man:samba(7)
>            man:smb.conf(5)
>  Main PID: 9284 (samba)
>    Status: "smbd: ready to serve connections..."
>     Tasks: 24 (limit: 4720)
>    CGroup: /system.slice/samba-ad-dc.service
>            ├─ 9284 /usr/sbin/samba
>            ├─ 9285 /usr/sbin/samba
>            ├─ 9286 /usr/sbin/samba
>            ├─ 9287 /usr/sbin/samba
>            ├─ 9288 /usr/sbin/samba
>            ├─ 9289 /usr/sbin/samba
>            ├─ 9290 /usr/sbin/smbd -D --option=server role
> check:inhibit=yes --foreground
>            ├─ 9291 /usr/sbin/samba
>            ├─ 9292 /usr/sbin/samba
>            ├─ 9293 /usr/sbin/samba
>            ├─ 9294 /usr/sbin/samba
>            ├─ 9295 /usr/sbin/samba
>            ├─ 9296 /usr/sbin/samba
>            ├─ 9297 /usr/sbin/samba
>            ├─ 9298 /usr/sbin/samba
>            ├─ 9300 /usr/sbin/winbindd -D --option=server role
> check:inhibit=yes --foreground
>            ├─ 9319 /usr/sbin/winbindd -D --option=server role
> check:inhibit=yes --foreground
>            ├─ 9320 /usr/sbin/smbd -D --option=server role
> check:inhibit=yes --foreground
>            ├─ 9321 /usr/sbin/smbd -D --option=server role
> check:inhibit=yes --foreground
>            ├─ 9323 /usr/sbin/smbd -D --option=server role
> check:inhibit=yes --foreground
>            ├─ 9461 /usr/sbin/winbindd -D --option=server role
> check:inhibit=yes --foreground
>            ├─11089 /usr/sbin/winbindd -D --option=server role
> check:inhibit=yes --foreground
>            ├─12656 /usr/sbin/smbd -D --option=server role
> check:inhibit=yes --foreground
>            └─13701 /usr/sbin/smbd -D --option=server role
> check:inhibit=yes --foreground
>
> ago 02 15:04:26 samba4-dc samba[9297]: [2019/08/02 15:04:26.226295,  0]
> ../source4/dsdb/dns/dns_update.c:290(dnsupdate_nameupdate_done)
> ago 02 15:04:26 samba4-dc samba[9297]:
> ../source4/dsdb/dns/dns_update.c:290: Failed DNS update - with error code 1
> ago 02 15:14:26 samba4-dc samba[9297]: [2019/08/02 15:14:26.193049,  0]
> ../lib/util/util_runcmd.c:316(samba_runcmd_io_handler)
> ago 02 15:14:26 samba4-dc samba[9297]:   /usr/sbin/samba_dnsupdate:
> dns_tkey_negotiategss: TKEY is unacceptable
> ago 02 15:14:26 samba4-dc samba[9297]: [2019/08/02 15:14:26.214295,  0]
> ../source4/dsdb/dns/dns_update.c:290(dnsupdate_nameupdate_done)
> ago 02 15:14:26 samba4-dc samba[9297]:
> ../source4/dsdb/dns/dns_update.c:290: Failed DNS update - with error code 1
> ago 02 15:24:26 samba4-dc samba[9297]: [2019/08/02 15:24:26.148273,  0]
> ../lib/util/util_runcmd.c:316(samba_runcmd_io_handler)
> ago 02 15:24:26 samba4-dc samba[9297]:   /usr/sbin/samba_dnsupdate:
> dns_tkey_negotiategss: TKEY is unacceptable
> ago 02 15:24:26 samba4-dc samba[9297]: [2019/08/02 15:24:26.179684,  0]
> ../source4/dsdb/dns/dns_update.c:290(dnsupdate_nameupdate_done)
> ago 02 15:24:26 samba4-dc samba[9297]:
> ../source4/dsdb/dns/dns_update.c:290: Failed DNS update - with error code 1
>
>
> ........
>
>
> ago 02 15:35:42 samba4-dc samba[689]: [2019/08/02 15:35:42.239661,  0]
> ../lib/util/util_runcmd.c:316(samba_runcmd_io_handler)
> ago 02 15:35:42 samba4-dc samba[689]:   /usr/sbin/samba_dnsupdate: update
> failed: REFUSED
> ago 02 15:35:42 samba4-dc samba[689]: [2019/08/02 15:35:42.272622,  0]
> ../lib/util/util_runcmd.c:316(samba_runcmd_io_handler)
> ago 02 15:35:42 samba4-dc samba[689]:   /usr/sbin/samba_dnsupdate: ; TSIG
> error with server: tsig verify failure
> ago 02 15:35:42 samba4-dc samba[689]: [2019/08/02 15:35:42.272708,  0]
> ../lib/util/util_runcmd.c:316(samba_runcmd_io_handler)
> ago 02 15:35:42 samba4-dc samba[689]:   /usr/sbin/samba_dnsupdate: update
> failed: NOTIMP
> ago 02 15:35:42 samba4-dc samba[689]: [2019/08/02 15:35:42.305040,  0]
> ../source4/dsdb/dns/dns_update.c:290(dnsupdate_nameupdate_done)
> ago 02 15:35:42 samba4-dc samba[689]:
> ../source4/dsdb/dns/dns_update.c:290: Failed DNS update - with error code 2
> ago 02 15:35:42 samba4-dc smbd[680]: [2019/08/02 15:35:42.693498,  0]
> ../lib/util/become_daemon.c:124(daemon_ready)
> ago 02 15:35:42 samba4-dc smbd[680]:   STATUS=daemon 'smbd' finished
> starting up and ready to serve connections
>
>
> Everything was OK, but now I also noticed that inconsistencies started to
> appear between the DC Master bases (Windows Server 2008) and Samba 4 after
> I removed another Windows DC server.
>
> Would anyone have an idea how to solve this problem?
>
> Regards,
>
> Márcio Bacci.
>
>
>

More information about the samba mailing list