[Samba] Bind9 doesn't updated - TSIG error with server: tsig verify failure
Rowland Penny
rpenny at samba.org
Sun Aug 11 08:17:39 UTC 2019
On 11/08/2019 02:36, Igor Sousa wrote:
> Hi Rowland,
>
> I've added 'dns update command' on global section of smb.conf file and
> I've configured nameserver on '/etc/resolv.conf' as 127.0.0.1 (I've
> tried with 'kings' IP address too), but I don't know if this has
> worked. I've seen some dns update errors on 'systemctl status
> samba-ad-dc' though the same command has returned status 'Active
> (running)'. And I've used 'samba_dnsupdate', as I've mentioned
> previously, and I've received 'dns_tkey_negotiategss: TKEY is
> unacceptable' error and all entries have had their dns update failed.
> I've read
> https://wiki.samba.org/index.php/Dns_tkey_negotiategss:_TKEY_is_unacceptable
> but I think my case doesn't match with described cases.
>
> I've thought for a time to demote 'king' from 'SMB' and create a new
> DC to join 'SMB'. I haven't done it because I've had no guarantees
> that this will work.
>
> OBS: I've used CentOS 7 with firewalld and SELinux disabled.

Do not use '127.0.0.1' in /etc/resolv.conf; use the DC's IP address.

Stop running 'samba_dnsupdate' directly, but if you must, add
'--use-samba-tool'.

By using '--use-samba-tool' you are doing the updates over RPC instead
of Kerberos.

Rowland
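
Added example (not part of the original message or of Samba): a shell check for the resolv.conf advice above, confirming that the first nameserver is the DC's own address and that no loopback entry is listed. It goes slightly beyond the thread by flagging any 127.0.0.0/8 address and ::1, not only 127.0.0.1. The function name check_resolv, the address 192.0.2.10, the domain samdom.example.com and the sample file contents are all constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the original thread.
# check_resolv FILE DC_IP   (hypothetical helper; DC_IP is supplied by the caller)
#   0 = first nameserver is DC_IP and no loopback entry is present
#   1 = a loopback nameserver (127.0.0.0/8 or ::1) is listed
#   2 = first nameserver is not DC_IP
#   3 = no nameserver line found
check_resolv() {
    file=$1
    dc_ip=$2
    first=""
    loopback=0
    # The trailing test keeps a final line that lacks a newline.
    while read -r key addr _rest || [ -n "$key" ]; do
        # Only "nameserver <addr>" lines matter; comments and other keywords are skipped.
        [ "$key" = "nameserver" ] || continue
        [ -n "$addr" ] || continue
        [ -n "$first" ] || first=$addr
        case $addr in
            127.*|::1)
                echo "loopback nameserver listed: $addr" >&2
                loopback=1
                ;;
        esac
    done < "$file"

    if [ -z "$first" ]; then
        echo "no nameserver entry in $file" >&2
        return 3
    fi
    [ "$loopback" -eq 0 ] || return 1
    if [ "$first" != "$dc_ip" ]; then
        echo "first nameserver is $first, expected $dc_ip" >&2
        return 2
    fi
    return 0
}

# Constructed sample: the loopback configuration described in the thread.
sample=$(mktemp)
printf 'search samdom.example.com\nnameserver 127.0.0.1\n' > "$sample"
if check_resolv "$sample" 192.0.2.10; then
    echo "resolv.conf OK"
else
    echo "resolv.conf needs fixing (code $?)"
fi
rm -f "$sample"
```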