On Sat, 2012-09-29 at 14:06 +0400, Dmitry Khromov wrote: > On Sat, 29 Sep 2012 13:21:21 +1000 > Andrew Bartlett <[email protected]> wrote: > > > The only suggestion I have here is to try turning up the debug level in > > the smb.conf > > named[12365]: client 192.168.1.32#1039: view realdns: update > > 'klin.kifato-mk.com/IN' denied > > Excuse me, should had it done in the first place. > # sbin/samba -d 10 -i -M single 2> /tmp/smb_err.log | tee /tmp/smb_stdout.log > ... > Kerberos: TGS-REQ authtime: 2012-09-29T13:39:44 starttime: > 2012-09-29T13:39:47 endtime: 2012-09-29T23:39:44 renew till: unset > Received krb5 UDP packet of length 160 from ipv4:192.168.1.31:53550 > Received KDC packet of length 156 from ipv4:192.168.1.31:53550 > Kerberos: AS-REQ [email protected] from ipv4:192.168.1.31:53550 for > krbtgt/[email protected]
> Kerberos: UNKNOWN -- [email protected]: no such entry found in hdb > /usr/local/samba/sbin/samba_dnsupdate: dns_tkey_negotiategss: TKEY is > unacceptable For some unknown reason nsupdate is attempting to get a ticket as user 'named'. This is why it fails. Now, of course you want to know why it does this, but as far as I can see it's internal to BIND's nsupdate utility. For a number of reasons we expect to replace this with a Samba-internal command/library soon, but not before Samba 4.0. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
