[Samba] Bind9 doesn't updated - TSIG error with server: tsig verify failure
Rowland penny
rpenny at samba.org
Fri Aug 9 21:14:11 UTC 2019
On 09/08/2019 21:56, Igor Sousa wrote:
> Em sex, 9 de ago de 2019 às 17:26, Rowland penny via samba
> <samba at lists.samba.org <mailto:samba at lists.samba.org>> escreveu:
>
> Well it shouldn't ;-)
>
> Each DC should use itself for its nameserver
>
>
> Ok. I understand and I think I've forgotten any step when I had
> mounted 'king'. My bad!
>
> I've set 'king' IP as the only namesever on resolv.conf and I've got a
> new Kerberos ticket with 'kinit' command, but when I've tried to
> update dns entries with 'samba_dnsupdate' I've receive
> "dns_tkey_negotiategss: TKEY is unacceptable". I've checked
> '/usr/local/samba/private/dns.keytab' and there is a Kerberos
> principal listed and I've checked if BIND AD Account exists and it
> there is.
>
OK, try adding this line to the smb.conf on 'king':
dns update command = /usr/sbin/samba_dnsupdate --use-samba-tool
Rowland
More information about the samba
mailing list