[Samba] Bind9 doesn't updated - TSIG error with server: tsig verify failure
Rowland penny
rpenny at samba.org
Fri Aug 9 20:25:43 UTC 2019
On 09/08/2019 21:19, Igor Sousa wrote:
> Em qui, 8 de ago de 2019 às 04:30, Rowland penny via samba
> <samba at lists.samba.org <mailto:samba at lists.samba.org>> escreveu:
>
> > What a lot of work you didn't need to do, 'samba-tool domain demote
> --remove-other-dead-server=samba4bkp' would have done it for you ;-)
>
> Good to know it. I'll tried if I face the same problem.
>
> Em qui, 8 de ago de 2019 às 04:30, Rowland penny via samba
> <samba at lists.samba.org <mailto:samba at lists.samba.org>> escreveu:
>
> > Is 'king' using itself for its nameserver ?
> >
> > It looks like it isn't: 'Successfully obtained Kerberos ticket to
> > DNS/samba4.smb as KING$
>
> 'king' is using the 'samba4' such as its nameserver.
Well it shouldn't ;-)
Each DC should use itself for its nameserver
> I've confirmed that samba4 has the FSMO Roles. I've check cached
> Kerberos tickets and I've seen that 'king's ticket has expired at
> 04/26/2019 (this is the date when I've created 'king' and add it as a
> DC on SMB). After this, I've obtained a new Kerberos ticket with
> 'kinit' command, but 'samba_dnsupdate --verbose --all-names' has
> returned the same problem I've reported.
>
> OBS: Shouldn't DC renew Kerberos ticket automatically?
They do, but you are trying to update the records for 'king' using a
ticket for 'samba4'
Rowland
More information about the samba
mailing list