[Samba] Bind9 doesn't updated - TSIG error with server: tsig verify failure

Rowland penny rpenny at samba.org
Fri Aug 9 21:14:11 UTC 2019

On 09/08/2019 21:56, Igor Sousa wrote:
> Em sex, 9 de ago de 2019 às 17:26, Rowland penny via samba 
> <samba at lists.samba.org <mailto:samba at lists.samba.org>> escreveu:
>     Well it shouldn't ;-)
>     Each DC should use itself for its nameserver
> Ok. I understand and I think I've forgotten any step when I had 
> mounted 'king'. My bad!
> I've set 'king' IP as the only namesever on resolv.conf and I've got a 
> new Kerberos ticket with 'kinit' command, but when I've tried to 
> update dns entries with 'samba_dnsupdate' I've receive 
> "dns_tkey_negotiategss: TKEY is unacceptable". I've checked 
> '/usr/local/samba/private/dns.keytab' and there is a Kerberos 
> principal listed and I've checked if BIND AD Account exists and it 
> there is.
OK, try adding this line to the smb.conf on 'king':

dns update command = /usr/sbin/samba_dnsupdate --use-samba-tool


More information about the samba mailing list