[Samba] TSIG errors when updating DNS
Peter Milesson
miles at atmos.eu
Sat Feb 4 13:43:48 UTC 2023
On 04.02.2023 13:21, Rowland Penny via samba wrote:
>
>
> On 04/02/2023 11:46, Peter Milesson via samba wrote:
>> Hi folks,
>>
>> I get the following errors when running samba_dnsupdate --verbose
>> --all-names on both my samba AD DCs. I have cut the list, as it
>> repeats the TSIG error
>>
>> The resolvconf package is not installed, each DC points to itself
>> with its 172.16.10.xx in resolv.conf. The hosts file is OK on both DCs.
>>
>> I have tried to add the following line to smb.conf and restart, it
>> does not help, however.
>>
>> dns update command = /usr/sbin/samba_dnsupdate --use-samba-tool
>
> That will have no effect when running samba_dnsupdate. You could try
> adding '--use-samba-tool' to the samba_dnsupdate command, but I think
> it will error with an error that isn't an error, how can the record
> existing be an error ?
>
>>
>> I've seen this subject being brought up previously on this list, but
>> it beats me why it pops up now.
>>
>> OS is Debian Bullseye with backports. Samba was upgraded to 4.17.5
>> from the backports packages today on both DCs.
>
> What version did you upgrade from ?
>
On the old DC from Louis' last package, I think it was 4.15.6, and on
the new one from 4.17.4
>>
>> I would very much appreciate some help on this.
>
> I think what is happening here is that your kerberos ticket is too
> old, it still has the old keys in it.
How can I fix that?
>
> Rowland
>
Best regards,
Peter
More information about the samba
mailing list