On 09/29/2012 03:26 AM, Andrew Bartlett wrote:
On Sat, 2012-09-29 at 14:06 +0400, Dmitry Khromov wrote:
On Sat, 29 Sep 2012 13:21:21 +1000
Andrew Bartlett <[email protected]> wrote:
The only suggestion I have here is to try turning up the debug level in
the smb.conf
named[12365]: client 192.168.1.32#1039: view realdns: update
'klin.kifato-mk.com/IN' denied
Excuse me, should had it done in the first place.
# sbin/samba -d 10 -i -M single 2> /tmp/smb_err.log | tee /tmp/smb_stdout.log
...
Kerberos: TGS-REQ authtime: 2012-09-29T13:39:44 starttime: 2012-09-29T13:39:47
endtime: 2012-09-29T23:39:44 renew till: unset
Received krb5 UDP packet of length 160 from ipv4:192.168.1.31:53550
Received KDC packet of length 156 from ipv4:192.168.1.31:53550
Kerberos: AS-REQ [email protected] from ipv4:192.168.1.31:53550 for
krbtgt/[email protected]
Kerberos: UNKNOWN -- [email protected]: no such entry found in hdb
/usr/local/samba/sbin/samba_dnsupdate: dns_tkey_negotiategss: TKEY is
unacceptable
For some unknown reason nsupdate is attempting to get a ticket as user
'named'. This is why it fails.
What's the result of a SOA search on your domain name ? (ie. host -t SOA
klin.kiato-mk.com) ?
It seems that nsupdate use the MNAME result (the first word in the
result) as the principal for which it should get a ticket.
Matthieu
--
Matthieu Patou
Samba Team
http://samba.org
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
