[Samba] TSIG errors when updating DNS
Rowland Penny
rpenny at samba.org
Sat Feb 4 12:21:50 UTC 2023
On 04/02/2023 11:46, Peter Milesson via samba wrote:
> Hi folks,
>
> I get the following errors when running samba_dnsupdate --verbose
> --all-names on both my samba AD DCs. I have cut the list, as it repeats
> the TSIG error
>
> The resolvconf package is not installed, each DC points to itself with
> its 172.16.10.xx in resolv.conf. The hosts file is OK on both DCs.
>
> I have tried to add the following line to smb.conf and restart, it does
> not help, however.
>
> dns update command = /usr/sbin/samba_dnsupdate --use-samba-tool
That will have no effect when running samba_dnsupdate. You could try
adding '--use-samba-tool' to the samba_dnsupdate command, but I think it
will error with an error that isn't an error, how can the record
existing be an error ?
>
> I've seen this subject being brought up previously on this list, but it
> beats me why it pops up now.
>
> OS is Debian Bullseye with backports. Samba was upgraded to 4.17.5 from
> the backports packages today on both DCs.
What version did you upgrade from ?
>
> I would very much appreciate some help on this.
I think what is happening here is that your kerberos ticket is too old,
it still has the old keys in it.
Rowland
More information about the samba
mailing list