[Samba] TSIG error with the server: tsig verify failure
Philip Banh
philip.banh at gmail.com
Wed Jan 20 20:28:13 UTC 2021
Hi everyone,
I hope you're all doing well.
I recently added a 3rd DC to my domain within a different site, but it
seems to be having issues when I try to run samba_dnsupdate. My other two
DC, who are on the default site, has no issues when running the command.
I'll post the error below:
Samba4 version: 4.10.2
....
Failed nsupdate: 2
update(nsupdate): SRV _ldap._tcp.DemoSite._sites.ForestDnsZones.example.com
<http://sites.forestdnszones.example.com/> DC3.example.com
<http://dc3.example.com/> 389
Calling nsupdate for SRV _ldap._tcp.DemoSite._
sites.ForestDnsZones.example.com <http://sites.forestdnszones.example.com/>
DC3.example.com <http://dc3.example.com/> 389 (add)
Successfully obtained Kerberos ticket to DNS/DC3.example.com
<http://dc3.example.com/> as DC3$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.DemoSite._sites.ForestDnsZones.example.com
<http://sites.forestdnszones.example.com/>. 900 IN SRV 0 100 389
DC3.example.com <http://dc3.example.com/>.
...
; TSIG error with the server: tsig verify failure
Failed nsupdate: 2
Failed update of 28 entries
...
My resolv.conf:
...
search example.com
nameserver 172.16.0.172
nameserver 10.10.10.170
nameserver 10.10.10.171
...
The DC in question uses 172.16.0.172, as it's in a different site on a
different subnet.
Please let me know if you require additional clarification or information.
Thank you,
Philip
More information about the samba
mailing list