[Samba] Bind9 doesn't updated - TSIG error with server: tsig verify failure

Igor Sousa igorvolt at gmail.com
Fri Aug 9 20:19:40 UTC 2019 

Em qui, 8 de ago de 2019 às 04:30, Rowland penny via samba <
samba at lists.samba.org> escreveu:

> > What a lot of work you didn't need to do, 'samba-tool domain demote
> --remove-other-dead-server=samba4bkp' would have done it for you ;-)
>

Good to know it. I'll tried if I face the same problem.

Em qui, 8 de ago de 2019 às 04:30, Rowland penny via samba <
samba at lists.samba.org> escreveu:

> > Is 'king' using itself for its nameserver ?
> >
> > It looks like it isn't: 'Successfully obtained Kerberos ticket to
> > DNS/samba4.smb as KING$


'king' is using the 'samba4' such as its nameserver. I've confirmed that
samba4 has the FSMO Roles. I've check cached Kerberos tickets and I've seen
that 'king's ticket has expired at 04/26/2019 (this is the date when I've
created 'king' and add it as a DC on SMB). After this, I've obtained a new
Kerberos ticket with 'kinit' command, but 'samba_dnsupdate --verbose
--all-names' has returned the same problem I've reported.

OBS: Shouldn't DC renew Kerberos ticket automatically?

Regards!
--
Igor Sousa




=========== Kerberos ticket =============
[root at king ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator at SMB.UFC.BR

Valid starting       Expires              Service principal
04/25/2019 14:42:03  04/26/2019 00:42:03  krbtgt/SMB.UFC.BR at SMB.UFC.BR
renew until 04/26/2019 14:41:57
[root at king ~]# kinit administrator
Password for administrator at SMB:
[root at king ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator at SMB.UFC.BR

Valid starting       Expires              Service principal
08/09/2019 17:06:36  08/10/2019 03:06:36  krbtgt/SMB.UFC.BR at SMB.UFC.BR
renew until 08/10/2019 17:06:31

======== FMSO owner ==============
[root at king ~]# samba-tool fsmo show
SchemaMasterRole owner: CN=NTDS
Settings,CN=SAMBA4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=smb
InfrastructureMasterRole owner: CN=NTDS
Settings,CN=SAMBA4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=smb
RidAllocationMasterRole owner: CN=NTDS
Settings,CN=SAMBA4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=smb
PdcEmulationMasterRole owner: CN=NTDS
Settings,CN=SAMBA4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=smb
DomainNamingMasterRole owner: CN=NTDS
Settings,CN=SAMBA4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=smb
DomainDnsZonesMasterRole owner: CN=NTDS
Settings,CN=SAMBA4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=smb
ForestDnsZonesMasterRole owner: CN=NTDS
Settings,CN=SAMBA4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=smb

More information about the samba mailing list