[Samba] nsupdate failed: GSSAPI error: A token had an invalid message integrity check
Michael Jones
samba at jonesmz.com
Fri Jan 28 21:03:08 UTC 2022
Thank you for the response.
On Fri, Jan 28, 2022 at 4:16 AM L.P.H. van Belle via samba <
samba at lists.samba.org> wrote:
> On AD-DC or Member ?
>
AD-DC, phrased as "> As the root user on my domain controller." in my
original email, though I know it was a big wall of text, so I probably
would have missed that detail myself.
> Which samba version is this?
>
dc1 ~ # samba --version
Version 4.15.3
dc1 ~ # emerge --info samba
Portage 3.0.30 (python 3.9.9-final-0, default/linux/amd64/17.1, gcc-11.2.0,
glibc-2.33-r7, 5.15.11-gentoo x86_64)
=================================================================
System Settings
=================================================================
System uname:
Linux-5.15.11-gentoo-x86_64-AMD_E-350D_APU_with_Radeon-tm-_HD_Graphics-with-glibc2.33
KiB Mem: 16099556 total, 2375520 free
KiB Swap: 0 total, 0 free
Timestamp of repository gentoo: Thu, 27 Jan 2022 14:52:00 +0000
Head commit of repository gentoo: 1ae2a588f3427d972e3b954ae4172e51b975d4e7
Head commit of repository jonesmz-public-overlay:
aa017c88e14e739423d5cc128d0f8e696a02135e
Head commit of repository lto-overlay:
435a9d968854fef21015796a5f464243dc4caa03
Head commit of repository mv: ee4a1a6d419ab49102d2580c8925ed5605012d6f
Head commit of repository wsdd: 1156bfeeee76150f811af9d8049d0edfb4277851
sh bash 5.1_p8
ld GNU ld (Gentoo 2.37_p1 p0) 2.37
distcc 3.4 x86_64-pc-linux-gnu [disabled]
ccache version 4.5.1 [disabled]
app-misc/pax-utils: 1.3.3::gentoo
app-shells/bash: 5.1_p8::gentoo
dev-lang/perl: 5.34.0-r6::gentoo
dev-lang/python: 3.9.9-r1::gentoo, 3.10.0_p1-r1::gentoo
dev-lang/rust: 1.58.1::gentoo
dev-util/ccache: 4.5.1::gentoo
dev-util/cmake: 3.21.4::gentoo
dev-util/meson: 0.60.3::gentoo
sys-apps/baselayout: 2.7-r3::gentoo
sys-apps/sandbox: 2.25::gentoo
sys-apps/systemd: 249.9::gentoo
sys-devel/autoconf: 2.13-r1::gentoo, 2.71-r1::gentoo
sys-devel/automake: 1.16.4::gentoo
sys-devel/binutils: 2.37_p1::gentoo
sys-devel/binutils-config: 5.4::gentoo
sys-devel/gcc: 11.2.0::gentoo
sys-devel/gcc-config: 2.5-r1::gentoo
sys-devel/libtool: 2.4.6-r6::gentoo
sys-devel/llvm: 13.0.0::gentoo
sys-devel/make: 4.3::gentoo
sys-kernel/linux-headers: 5.15-r3::gentoo (virtual/os-headers)
sys-libs/glibc: 2.33-r7::gentoo
Repositories:
gentoo
location: /var/db/repos/gentoo
sync-type: git
sync-uri: git://anongit.gentoo.org/repo/sync/gentoo.git
priority: -1000
jonesmz-public-overlay
location: /var/db/repos/jonesmz-public-overlay
sync-type: git
sync-uri: https://github.com/jonesmz/gentoo-overlay.git
masters: gentoo
lto-overlay
location: /var/db/repos/lto-overlay
sync-type: git
sync-uri: https://github.com/InBetweenNames/gentooLTO.git
masters: gentoo mv
mv
location: /var/db/repos/mv
sync-type: git
sync-uri: https://anongit.gentoo.org/git/user/mv.git
masters: gentoo
wsdd
location: /var/db/repos/wsdd-gentoo
sync-type: git
sync-uri: https://github.com/christgau/wsdd-gentoo
masters: gentoo
Installed sets: @pc-base-system, @portage
ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="@FREE"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O3 -fgraphite-identity -floop-nest-optimize
-fdevirtualize-at-ltrans -fipa-pta -fno-semantic-interposition -flto=1
-fuse-linker-plugin -march=x86-64 -mtune=generic -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf
/etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-O2 -pipe -O3 -fgraphite-identity -floop-nest-optimize
-fdevirtualize-at-ltrans -fipa-pta -fno-semantic-interposition -flto=1
-fuse-linker-plugin -march=x86-64 -mtune=generic -pipe"
DISTDIR="/var/cache/distfiles"
EMERGE_DEFAULT_OPTS=" --jobs --keep-going --newuse --changed-deps --deep
--tree --backtrack=3000 --complete-graph --with-bdeps=y
--binpkg-respect-use=y --binpkg-changed-deps=y --changed-slot=y --usepkg=y
--usepkg"
ENV_UNSET="CARGO_HOME DBUS_SESSION_BUS_ADDRESS DISPLAY GOBIN GOPATH
PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY
XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs
binpkg-multi-instance buildpkg buildpkg-live clean-logs compress-build-logs
compressdebug config-protect-if-modified distlocks ebuild-locks fixlafiles
installsources ipc-sandbox merge-sync multilib-strict network-sandbox news
parallel-fetch parallel-install pid-sandbox preserve-libs protect-owned
qa-unresolved-soname-deps sandbox sfperms split-elog split-log splitdebug
strict unknown-features-warn unmerge-logs unmerge-orphans userfetch
userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="http://distfiles.gentoo.org"
LANG="en_US.utf8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LINGUAS="en en_US"
MAKEOPTS="-j1"
PKGDIR="/var/cache/binpkgs"
PORTAGE_COMPRESS="xz"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times
--omit-dir-times --compress --force --whole-file --delete --stats
--human-readable --timeout=180 --exclude=/distfiles --exclude=/local
--exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
SHELL="/bin/sh"
USE="acl amd64 bzip2 crypt hardened iconv ipv6 libglvnd libtirpc multilib
ncurses nls nptl openmp pam pcre pie readline seccomp split-usr ssl ssp
systemd udev unicode xattr xtpax zlib" ABI_X86="64" ADA_TARGET="gnat_2020"
APACHE2_MODULES="authn_core authz_core authz_host dir mime unixd
socache_shmcb info log_config" CALLIGRA_FEATURES="karbon sheets words"
COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog"
CPU_FLAGS_X86="mmx sse sse2 mmxext" ELIBC="glibc" GPSD_PROTOCOLS="ashtech
aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax
mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3
sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx"
GRUB_PLATFORMS="coreboot efi-64 emu qemu pc" INPUT_DEVICES="libinput"
KERNEL="linux" L10N="en en-US" LCD_DEVICES="bayrad cfontz cfontz633 glk
hd44780 lb216 lcdm001 mtxorb ncurses text"
LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer"
LUA_SINGLE_TARGET="lua5-1" LUA_TARGETS="lua5-1"
OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php7-4 php8-0"
POSTGRES_TARGETS="postgres12 postgres13" PYTHON_SINGLE_TARGET="python3_9"
PYTHON_TARGETS="python3_9" QEMU_SOFTMMU_TARGETS="arm aarch64 x86_64"
QEMU_USER_TARGETS="arm aarch64 x86_64" RUBY_TARGETS="ruby26 ruby27"
USERLAND="GNU" VIDEO_CARDS="r600 radeon radeonsi amdgpu vesa modesetting
fbdev qxl" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options
ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq proto steal rawnat
logmark ipmark dhcpmac delude chaos account"
Unset: ADDR2LINE, AR, ARFLAGS, AS, ASFLAGS, CC, CCLD, CONFIG_SHELL, CPP,
CPPFLAGS, CTARGET, CXX, CXXFILT, ELFEDIT, EXTRA_ECONF, F77FLAGS, FC, GCOV,
GPROF, INSTALL_MASK, LC_ALL, LD, LEX, LFLAGS, LIBTOOL, MAKE, MAKEFLAGS, NM,
OBJCOPY, OBJDUMP, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND,
PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, RANLIB, READELF,
RUSTFLAGS, SIZE, STRINGS, STRIP, YACC, YFLAGS
=================================================================
Package Settings
=================================================================
net-fs/samba-4.15.3-r1::gentoo was built with the following:
USE="acl addc ads client json ldap pam python regedit snapper systemd
winbind -ceph -cluster -cups -debug (-dmapi) (-fam) -glusterfs -gpg -iprint
-profiling-data -quota (-selinux) -spotlight -syslog (-system-heimdal)
-system-mitkrb5 (-test) -zeroconf" ABI_X86="(64) -32 (-x32)"
CPU_FLAGS_X86="-aes" PYTHON_SINGLE_TARGET="python3_9 -python3_10 -python3_8"
CFLAGS="-O3 -fgraphite-identity -floop-nest-optimize
-fdevirtualize-at-ltrans -fipa-pta -fno-semantic-interposition -flto=1
-fuse-linker-plugin -march=x86-64 -mtune=generic -pipe -Wl,-O1
-Wl,--as-needed"
CXXFLAGS="-O2 -pipe -O3 -fgraphite-identity -floop-nest-optimize
-fdevirtualize-at-ltrans -fipa-pta -fno-semantic-interposition -flto=1
-fuse-linker-plugin -march=x86-64 -mtune=generic -pipe -Wl,-O1
-Wl,--as-needed"
FEATURES="binpkg-multi-instance compress-build-logs xattr sandbox
multilib-strict ipc-sandbox assume-digests binpkg-logs strict usersync
userpriv preserve-libs binpkg-dostrip parallel-fetch
qa-unresolved-soname-deps split-log buildpkg-live installsources
compressdebug ebuild-locks userfetch config-protect-if-modified split-elog
news buildpkg unmerge-logs splitdebug protect-owned unknown-features-warn
clean-logs usersandbox network-sandbox binpkg-docompress unmerge-orphans
pid-sandbox merge-sync sfperms distlocks fixlafiles parallel-install"
LDFLAGS="-Wl,-O1 -Wl,--as-needed -O3 -fgraphite-identity
-floop-nest-optimize -fdevirtualize-at-ltrans -fipa-pta
-fno-semantic-interposition -flto=1 -fuse-linker-plugin -march=x86-64
-mtune=generic -pipe -O2"
dc1 ~ # cat /etc/samba/user.map
# $Id$
# Syntax:
# Unix_name = SMB_name1 SMB_name2 ...
root = NETWORK-1\administrator
dc1 ~ # cat /etc/samba/smb.conf
[global]
server role = active directory domain controller
allow dns updates = nonsecure
dns forwarder = 10.0.0.1 8.8.8.8 8.8.4.4
idmap_ldb:use rfc2307 = yes
workgroup = NETWORK-1
realm = NETWORK-1.NET
##
# If LOCAL isn't specifed, then the local unix domain socket for RPC stops
working, and breaks things.
# Disabled while debugging
##
#hosts allow = 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8
127.0.0.0/8 fe80::/10 fd00::/8 ::1 LOCAL
log level = 2 dns:2 auth:2 vfs:2
nsupdate command = /usr/bin/nsupdate -g -L10
# server min protocol = SMB3
# client min protocol = SMB3
##
# Hack hack hack
# This allows freeradius winbind auth to work
##
ntlm auth = yes
username map = /etc/samba/user.map
create mask = 0666
directory mask = 0777
allow trusted domains = no
template shell = /bin/bash
template homedir = /home/%U
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
winbind nested groups = yes
[sysvol]
path = /var/lib/samba/sysvol
read only = no
[netlogon]
path = /var/lib/samba/sysvol/network-1.net/scripts
read only = no
dc1 ~ # cat /etc/krb5.conf
[libdefaults]
default_realm = NETWORK-1.NET
dns_lookup_realm = false
dns_lookup_kdc = true
dc1 ~ # cat /var/lib/samba/private/krb5.conf
[libdefaults]
default_realm = NETWORK-1.NET
dns_lookup_realm = false
dns_lookup_kdc = true
Whats in smb.conf and krb5.conf
>
>
> Key type 3 is DES_CBC_MD5 to give a hint.
>
Is this something that would have changed in the samba codebase since
roughly 2017?
>
> We do need more info on this to help better.
>
>
> Greetz,
>
> Louis
>
Thank you for the assistance.
>
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> > Michael Jones via samba
> > Verzonden: vrijdag 28 januari 2022 10:15
> > Aan: sambalist
> > Onderwerp: [Samba] nsupdate failed: GSSAPI error: A token had
> > an invalid message integrity check
> >
> > I'm troubleshooting why I'm getting
> >
> > > 28-Jan-2022 09:03:00.005 GSS verify error: GSSAPI error:
> > Major = A token
> > had an invalid Message Integrity Check (MIC), Minor = Success.
> >
> > when running
> >
> > > samba_dnsupdate --verbose --all-names
> >
> > As the root user on my domain controller.
> >
> > Had to crank the debugging options up to get the actual error (quoted
> > above).
> >
> > > samba_dnsupdate --verbose --all-names --debuglevel=10 --verbose
> >
> > with
> >
> > > nsupdate command = /usr/bin/nsupdate -g -L10
> >
> > in my smb.conf
> >
> > There's no information about this in google, that I can tell.
> > And the error
> > messages aren't giving me much to go on.
> >
> > This domain controller has been running since at least 2017,
> > and upgraded
> > regularly as my linux distro updates samba. So it's plausible that i'm
> > running into a problem caused by an earlier version of samba
> > that is only
> > manifesting now.
> >
> > Any advice?
> >
> >
> >
> >
> > Truncated command output follows immediately, followed by
> > example snippets
> > out of /var/log/samba.
> >
> > update(nsupdate): SRV _ldap._tcp.ForestDnsZones.network-1.net
> > dc1.network-1.net 389
> > Calling nsupdate for SRV _ldap._tcp.ForestDnsZones.network-1.net
> > dc1.network-1.net 389 (add)
> > Starting GENSEC mechanism gssapi_krb5_sasl
> > GSSAPI credentials for DC1$@NETWORK-1.NET will expire in 35989 secs
> > gensec_update_send: gssapi_krb5_sasl[0x564b018d5f80]: subreq:
> > 0x564b015950e0
> > gensec_update_done: gssapi_krb5_sasl[0x564b018d5f80]:
> > NT_STATUS_MORE_PROCESSING_REQUIRED
> > tevent_req[0x564b015950e0/../../source4/auth/gensec/gensec_gss
> > api.c:1057]:
> > state[2] error[0 (0x0)] state[struct gensec_gssapi_update_state
> > (0x564b015952a0)] timer[(nil)]
> > finish[../../source4/auth/gensec/gensec_gssapi.c:1068]
> > Successfully obtained Kerberos ticket to DNS/dc1.network-1.net as DC1$
> > 28-Jan-2022 09:02:59.885 dns_requestmgr_create
> > 28-Jan-2022 09:02:59.885 dns_requestmgr_create: 0x7f768d8511c8
> > Outgoing update query:
> > ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
> > ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> > ;; UPDATE SECTION:
> > _ldap._tcp.ForestDnsZones.network-1.net. 900 INSRV 0 100 389
> > dc1.network-1.net.
> >
> > 28-Jan-2022 09:02:59.895 dns_request_createvia
> > 28-Jan-2022 09:02:59.895 request_render
> > 28-Jan-2022 09:02:59.905 requestmgr_attach: 0x7f768d8511c8:
> > eref 1 iref 1
> > 28-Jan-2022 09:02:59.905 mgr_gethash
> > 28-Jan-2022 09:02:59.905 req_send: request 0x7f768d857610
> > 28-Jan-2022 09:02:59.905 dns_request_createvia: request 0x7f768d857610
> > 28-Jan-2022 09:02:59.905 req_senddone: request 0x7f768d857610
> > 28-Jan-2022 09:02:59.905 req_response: request 0x7f768d857610: success
> > 28-Jan-2022 09:02:59.905 req_cancel: request 0x7f768d857610
> > 28-Jan-2022 09:02:59.905 req_sendevent: request 0x7f768d857610
> > 28-Jan-2022 09:02:59.905 dns_request_getresponse: request
> > 0x7f768d857610
> > 28-Jan-2022 09:02:59.915 dns_request_createvia
> > 28-Jan-2022 09:02:59.915 request_render
> > 28-Jan-2022 09:02:59.915 requestmgr_attach: 0x7f768d8511c8:
> > eref 1 iref 2
> > 28-Jan-2022 09:02:59.915 mgr_gethash
> > 28-Jan-2022 09:02:59.915 dns_request_createvia: request 0x7f768d857790
> > 28-Jan-2022 09:02:59.915 dns_request_destroy: request 0x7f768d857610
> > 28-Jan-2022 09:02:59.915 req_destroy: request 0x7f768d857610
> > 28-Jan-2022 09:02:59.915 requestmgr_detach: 0x7f768d8511c8:
> > eref 1 iref 1
> > 28-Jan-2022 09:02:59.915 req_connected: request 0x7f768d857790
> > 28-Jan-2022 09:02:59.915 req_send: request 0x7f768d857790
> > 28-Jan-2022 09:02:59.915 req_senddone: request 0x7f768d857790
> > 28-Jan-2022 09:02:59.965 req_response: request 0x7f768d857790: success
> > 28-Jan-2022 09:02:59.965 req_cancel: request 0x7f768d857790
> > 28-Jan-2022 09:02:59.965 req_sendevent: request 0x7f768d857790
> > 28-Jan-2022 09:02:59.965 dns_request_getresponse: request
> > 0x7f768d857790
> > 28-Jan-2022 09:02:59.965 dns_request_createvia
> > 28-Jan-2022 09:02:59.965 request_render
> > 28-Jan-2022 09:02:59.965 requestmgr_attach: 0x7f768d8511c8:
> > eref 1 iref 2
> > 28-Jan-2022 09:02:59.965 mgr_gethash
> > 28-Jan-2022 09:02:59.965 dns_request_createvia: request 0x7f768d857610
> > 28-Jan-2022 09:02:59.965 dns_request_destroy: request 0x7f768d857790
> > 28-Jan-2022 09:02:59.965 req_destroy: request 0x7f768d857790
> > 28-Jan-2022 09:02:59.965 requestmgr_detach: 0x7f768d8511c8:
> > eref 1 iref 1
> > 28-Jan-2022 09:02:59.965 req_connected: request 0x7f768d857610
> > 28-Jan-2022 09:02:59.965 req_send: request 0x7f768d857610
> > 28-Jan-2022 09:02:59.965 req_senddone: request 0x7f768d857610
> > 28-Jan-2022 09:03:00.005 req_response: request 0x7f768d857610: success
> > 28-Jan-2022 09:03:00.005 req_cancel: request 0x7f768d857610
> > 28-Jan-2022 09:03:00.005 req_sendevent: request 0x7f768d857610
> > 28-Jan-2022 09:03:00.005 dns_request_getresponse: request
> > 0x7f768d857610
> > 28-Jan-2022 09:03:00.005 GSS verify error: GSSAPI error:
> > Major = A token
> > had an invalid Message Integrity Check (MIC), Minor = Success.
> > 28-Jan-2022 09:03:00.005 tsig key '4222350327.sig-dc1.network-1.net'
> > (<null>): signature failed to verify(1)
> > ; TSIG error with server: tsig verify failure
> > 28-Jan-2022 09:03:00.005 dns_request_destroy: request 0x7f768d857610
> > 28-Jan-2022 09:03:00.005 req_destroy: request 0x7f768d857610
> > 28-Jan-2022 09:03:00.005 requestmgr_detach: 0x7f768d8511c8:
> > eref 1 iref 0
> > 28-Jan-2022 09:03:00.005 dns_requestmgr_shutdown: 0x7f768d8511c8
> > 28-Jan-2022 09:03:00.005 send_shutdown_events: 0x7f768d8511c8
> > 28-Jan-2022 09:03:00.005 dns_requestmgr_detach:
> > 0x7f768d8511c8: eref 0 iref
> > 0
> > 28-Jan-2022 09:03:00.005 mgr_destroy
> > Failed nsupdate: 2
> > update(nsupdate): SRV _ldap._tcp.Default-First-Site-Name._
> > sites.ForestDnsZones.network-1.net dc1.network-1.net 389
> > Calling nsupdate for SRV _ldap._tcp.Default-First-Site-Name._
> > sites.ForestDnsZones.network-1.net dc1.network-1.net 389 (add)
> > Starting GENSEC mechanism gssapi_krb5_sasl
> > GSSAPI credentials for DC1$@NETWORK-1.NET will expire in 35988 secs
> > gensec_update_send: gssapi_krb5_sasl[0x564b018d5f80]: subreq:
> > 0x564b015950e0
> > gensec_update_done: gssapi_krb5_sasl[0x564b018d5f80]:
> > NT_STATUS_MORE_PROCESSING_REQUIRED
> > tevent_req[0x564b015950e0/../../source4/auth/gensec/gensec_gss
> > api.c:1057]:
> > state[2] error[0 (0x0)] state[struct gensec_gssapi_update_state
> > (0x564b015952a0)] timer[(nil)]
> > finish[../../source4/auth/gensec/gensec_gssapi.c:1068]
> > Successfully obtained Kerberos ticket to DNS/dc1.network-1.net as DC1$
> > 28-Jan-2022 09:03:00.275 dns_requestmgr_create
> > 28-Jan-2022 09:03:00.275 dns_requestmgr_create: 0x7ff91f5df1c8
> > Outgoing update query:
> > ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
> > ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> > ;; UPDATE SECTION:
> > _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.netwo
> > rk-1.net.900
> > IN SRV 0 100 389 dc1.network-1.net.
> >
> > 28-Jan-2022 09:03:00.275 dns_request_createvia
> > 28-Jan-2022 09:03:00.285 request_render
> > 28-Jan-2022 09:03:00.285 requestmgr_attach: 0x7ff91f5df1c8:
> > eref 1 iref 1
> > 28-Jan-2022 09:03:00.285 mgr_gethash
> > 28-Jan-2022 09:03:00.285 req_send: request 0x7ff91f5e5610
> > 28-Jan-2022 09:03:00.285 dns_request_createvia: request 0x7ff91f5e5610
> > 28-Jan-2022 09:03:00.285 req_senddone: request 0x7ff91f5e5610
> > 28-Jan-2022 09:03:00.285 req_response: request 0x7ff91f5e5610: success
> > 28-Jan-2022 09:03:00.285 req_cancel: request 0x7ff91f5e5610
> > 28-Jan-2022 09:03:00.285 req_sendevent: request 0x7ff91f5e5610
> > 28-Jan-2022 09:03:00.285 dns_request_getresponse: request
> > 0x7ff91f5e5610
> > 28-Jan-2022 09:03:00.295 dns_request_createvia
> > 28-Jan-2022 09:03:00.295 request_render
> > 28-Jan-2022 09:03:00.295 requestmgr_attach: 0x7ff91f5df1c8:
> > eref 1 iref 2
> > 28-Jan-2022 09:03:00.295 mgr_gethash
> > 28-Jan-2022 09:03:00.295 dns_request_createvia: request 0x7ff91f5e5790
> > 28-Jan-2022 09:03:00.295 dns_request_destroy: request 0x7ff91f5e5610
> > 28-Jan-2022 09:03:00.295 req_destroy: request 0x7ff91f5e5610
> > 28-Jan-2022 09:03:00.295 requestmgr_detach: 0x7ff91f5df1c8:
> > eref 1 iref 1
> > 28-Jan-2022 09:03:00.295 req_connected: request 0x7ff91f5e5790
> > 28-Jan-2022 09:03:00.295 req_send: request 0x7ff91f5e5790
> > 28-Jan-2022 09:03:00.305 req_senddone: request 0x7ff91f5e5790
> > 28-Jan-2022 09:03:00.335 req_response: request 0x7ff91f5e5790: success
> > 28-Jan-2022 09:03:00.335 req_cancel: request 0x7ff91f5e5790
> > 28-Jan-2022 09:03:00.335 req_sendevent: request 0x7ff91f5e5790
> > 28-Jan-2022 09:03:00.335 dns_request_getresponse: request
> > 0x7ff91f5e5790
> > 28-Jan-2022 09:03:00.335 dns_request_createvia
> > 28-Jan-2022 09:03:00.335 request_render
> > 28-Jan-2022 09:03:00.335 requestmgr_attach: 0x7ff91f5df1c8:
> > eref 1 iref 2
> > 28-Jan-2022 09:03:00.335 mgr_gethash
> > 28-Jan-2022 09:03:00.335 dns_request_createvia: request 0x7ff91f5e5610
> > 28-Jan-2022 09:03:00.335 dns_request_destroy: request 0x7ff91f5e5790
> > 28-Jan-2022 09:03:00.335 req_destroy: request 0x7ff91f5e5790
> > 28-Jan-2022 09:03:00.335 requestmgr_detach: 0x7ff91f5df1c8:
> > eref 1 iref 1
> > 28-Jan-2022 09:03:00.335 req_connected: request 0x7ff91f5e5610
> > 28-Jan-2022 09:03:00.335 req_send: request 0x7ff91f5e5610
> > 28-Jan-2022 09:03:00.345 req_senddone: request 0x7ff91f5e5610
> > 28-Jan-2022 09:03:00.365 req_response: request 0x7ff91f5e5610: success
> > 28-Jan-2022 09:03:00.365 req_cancel: request 0x7ff91f5e5610
> > 28-Jan-2022 09:03:00.365 req_sendevent: request 0x7ff91f5e5610
> > 28-Jan-2022 09:03:00.365 dns_request_getresponse: request
> > 0x7ff91f5e5610
> > 28-Jan-2022 09:03:00.365 GSS verify error: GSSAPI error:
> > Major = A token
> > had an invalid Message Integrity Check (MIC), Minor = Success.
> > 28-Jan-2022 09:03:00.365 tsig key '3433197691.sig-dc1.network-1.net'
> > (<null>): signature failed to verify(1)
> > ; TSIG error with server: tsig verify failure
> > 28-Jan-2022 09:03:00.365 dns_request_destroy: request 0x7ff91f5e5610
> > 28-Jan-2022 09:03:00.365 req_destroy: request 0x7ff91f5e5610
> > 28-Jan-2022 09:03:00.365 requestmgr_detach: 0x7ff91f5df1c8:
> > eref 1 iref 0
> > 28-Jan-2022 09:03:00.375 dns_requestmgr_shutdown: 0x7ff91f5df1c8
> > 28-Jan-2022 09:03:00.375 send_shutdown_events: 0x7ff91f5df1c8
> > 28-Jan-2022 09:03:00.375 dns_requestmgr_detach:
> > 0x7ff91f5df1c8: eref 0 iref
> > 0
> > 28-Jan-2022 09:03:00.375 mgr_destroy
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > Data from /var/log/samba/
> >
> >
> >
> > [2022/01/28 03:02:57.729026, 2]
> > ../../source4/dns_server/dns_update.c:824(dns_server_process_update)
> > Got a dns update request.
> > [2022/01/28 03:02:57.729226, 2]
> > ../../source4/dns_server/dns_update.c:771(dns_update_allowed)
> > All updates allowed.
> > [2022/01/28 03:02:57.732085, 2]
> > ../../source4/dns_server/dns_update.c:397(handle_one_update)
> > Looking at record:
> > [2022/01/28 03:02:57.732402, 2]
> > ../../source4/dns_server/dns_update.c:398(handle_one_update)
> > [2022/01/28 03:02:57.732479, 1]
> > ../../librpc/ndr/ndr.c:435(ndr_print_debug)
> > discard_const(update): struct dns_res_rec
> > name :
> > '_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.network-1.net'
> > rr_type : DNS_QTYPE_SRV (0x21)
> > rr_class : DNS_QCLASS_IN (0x1)
> > ttl : 0x00000384 (900)
> > length : 0x0019 (25)
> > rdata : union dns_rdata(case 0x21)
> > srv_record: struct dns_srv_record
> > priority : 0x0000 (0)
> > weight : 0x0064 (100)
> > port : 0x0cc4 (3268)
> > target : 'dc1.network-1.net'
> > unexpected : DATA_BLOB length=0
> > [2022/01/28 03:02:57.885790, 2]
> > ../../source4/kdc/db-glue.c:643(samba_kdc_message2entry_keys)
> > Unsupported keytype ignored - type 3
> > [2022/01/28 03:02:57.888483, 2]
> > ../../source4/kdc/db-glue.c:643(samba_kdc_message2entry_keys)
> > Unsupported keytype ignored - type 1
> > [2022/01/28 03:02:58.045607, 2]
> > ../../source4/dns_server/dns_update.c:824(dns_server_process_update)
> > Got a dns update request.
> > [2022/01/28 03:02:58.045825, 2]
> > ../../source4/dns_server/dns_update.c:771(dns_update_allowed)
> > All updates allowed.
> > [2022/01/28 03:02:58.048526, 2]
> > ../../source4/dns_server/dns_update.c:397(handle_one_update)
> > Looking at record:
> > [2022/01/28 03:02:58.048741, 2]
> > ../../source4/dns_server/dns_update.c:398(handle_one_update)
> > [2022/01/28 03:02:58.048816, 1]
> > ../../librpc/ndr/ndr.c:435(ndr_print_debug)
> > discard_const(update): struct dns_res_rec
> > name : 'DomainDnsZones.network-1.net'
> > rr_type : DNS_QTYPE_A (0x1)
> > rr_class : DNS_QCLASS_IN (0x1)
> > ttl : 0x00000384 (900)
> > length : 0x0004 (4)
> > rdata : union dns_rdata(case 0x1)
> > ipv4_record : 10.0.0.3
> > unexpected : DATA_BLOB length=0
> > [2022/01/28 03:02:58.188259, 2]
> > ../../source4/kdc/db-glue.c:643(samba_kdc_message2entry_keys)
> > Unsupported keytype ignored - type 3
> > [2022/01/28 03:02:58.188499, 2]
> > ../../source4/kdc/db-glue.c:643(samba_kdc_message2entry_keys)
> > Unsupported keytype ignored - type 1
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> >
> >
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list