[Samba] Bind9 doesn't updated - TSIG error with server: tsig verify failure

Igor Sousa igorvolt at gmail.com
Sat Aug 10 15:05:39 UTC 2019


Hi Rowland,

Before to add 'dns update command = /usr/sbin/samba_dnsupdate
--use-samba-tool' I've tried once to run 'samba_dnsupdate --verbose
--all-names' and it has returned me TSIG error again. More precisely, 'TSIG
error with server: tsig verify failure'

--
Igor Sousa


Em sex, 9 de ago de 2019 às 18:14, Rowland penny via samba <
samba at lists.samba.org> escreveu:

> On 09/08/2019 21:56, Igor Sousa wrote:
> > Em sex, 9 de ago de 2019 às 17:26, Rowland penny via samba
> > <samba at lists.samba.org <mailto:samba at lists.samba.org>> escreveu:
> >
> >     Well it shouldn't ;-)
> >
> >     Each DC should use itself for its nameserver
> >
> >
> > Ok. I understand and I think I've forgotten any step when I had
> > mounted 'king'. My bad!
> >
> > I've set 'king' IP as the only namesever on resolv.conf and I've got a
> > new Kerberos ticket with 'kinit' command, but when I've tried to
> > update dns entries with 'samba_dnsupdate' I've receive
> > "dns_tkey_negotiategss: TKEY is unacceptable". I've checked
> > '/usr/local/samba/private/dns.keytab' and there is a Kerberos
> > principal listed and I've checked if BIND AD Account exists and it
> > there is.
> >
> OK, try adding this line to the smb.conf on 'king':
>
> dns update command = /usr/sbin/samba_dnsupdate --use-samba-tool
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


More information about the samba mailing list