Michael Jones
2022-Jan-28 09:15 UTC
[Samba] nsupdate failed: GSSAPI error: A token had an invalid message integrity check
I'm troubleshooting why I'm getting> 28-Jan-2022 09:03:00.005 GSS verify error: GSSAPI error: Major = A tokenhad an invalid Message Integrity Check (MIC), Minor = Success. when running> samba_dnsupdate --verbose --all-namesAs the root user on my domain controller. Had to crank the debugging options up to get the actual error (quoted above).> samba_dnsupdate --verbose --all-names --debuglevel=10 --verbosewith> nsupdate command = /usr/bin/nsupdate -g -L10in my smb.conf There's no information about this in google, that I can tell. And the error messages aren't giving me much to go on. This domain controller has been running since at least 2017, and upgraded regularly as my linux distro updates samba. So it's plausible that i'm running into a problem caused by an earlier version of samba that is only manifesting now. Any advice? Truncated command output follows immediately, followed by example snippets out of /var/log/samba. update(nsupdate): SRV _ldap._tcp.ForestDnsZones.network-1.net dc1.network-1.net 389 Calling nsupdate for SRV _ldap._tcp.ForestDnsZones.network-1.net dc1.network-1.net 389 (add) Starting GENSEC mechanism gssapi_krb5_sasl GSSAPI credentials for DC1$@NETWORK-1.NET will expire in 35989 secs gensec_update_send: gssapi_krb5_sasl[0x564b018d5f80]: subreq: 0x564b015950e0 gensec_update_done: gssapi_krb5_sasl[0x564b018d5f80]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x564b015950e0/../../source4/auth/gensec/gensec_gssapi.c:1057]: state[2] error[0 (0x0)] state[struct gensec_gssapi_update_state (0x564b015952a0)] timer[(nil)] finish[../../source4/auth/gensec/gensec_gssapi.c:1068] Successfully obtained Kerberos ticket to DNS/dc1.network-1.net as DC1$ 28-Jan-2022 09:02:59.885 dns_requestmgr_create 28-Jan-2022 09:02:59.885 dns_requestmgr_create: 0x7f768d8511c8 Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: _ldap._tcp.ForestDnsZones.network-1.net. 900 INSRV 0 100 389 dc1.network-1.net. 28-Jan-2022 09:02:59.895 dns_request_createvia 28-Jan-2022 09:02:59.895 request_render 28-Jan-2022 09:02:59.905 requestmgr_attach: 0x7f768d8511c8: eref 1 iref 1 28-Jan-2022 09:02:59.905 mgr_gethash 28-Jan-2022 09:02:59.905 req_send: request 0x7f768d857610 28-Jan-2022 09:02:59.905 dns_request_createvia: request 0x7f768d857610 28-Jan-2022 09:02:59.905 req_senddone: request 0x7f768d857610 28-Jan-2022 09:02:59.905 req_response: request 0x7f768d857610: success 28-Jan-2022 09:02:59.905 req_cancel: request 0x7f768d857610 28-Jan-2022 09:02:59.905 req_sendevent: request 0x7f768d857610 28-Jan-2022 09:02:59.905 dns_request_getresponse: request 0x7f768d857610 28-Jan-2022 09:02:59.915 dns_request_createvia 28-Jan-2022 09:02:59.915 request_render 28-Jan-2022 09:02:59.915 requestmgr_attach: 0x7f768d8511c8: eref 1 iref 2 28-Jan-2022 09:02:59.915 mgr_gethash 28-Jan-2022 09:02:59.915 dns_request_createvia: request 0x7f768d857790 28-Jan-2022 09:02:59.915 dns_request_destroy: request 0x7f768d857610 28-Jan-2022 09:02:59.915 req_destroy: request 0x7f768d857610 28-Jan-2022 09:02:59.915 requestmgr_detach: 0x7f768d8511c8: eref 1 iref 1 28-Jan-2022 09:02:59.915 req_connected: request 0x7f768d857790 28-Jan-2022 09:02:59.915 req_send: request 0x7f768d857790 28-Jan-2022 09:02:59.915 req_senddone: request 0x7f768d857790 28-Jan-2022 09:02:59.965 req_response: request 0x7f768d857790: success 28-Jan-2022 09:02:59.965 req_cancel: request 0x7f768d857790 28-Jan-2022 09:02:59.965 req_sendevent: request 0x7f768d857790 28-Jan-2022 09:02:59.965 dns_request_getresponse: request 0x7f768d857790 28-Jan-2022 09:02:59.965 dns_request_createvia 28-Jan-2022 09:02:59.965 request_render 28-Jan-2022 09:02:59.965 requestmgr_attach: 0x7f768d8511c8: eref 1 iref 2 28-Jan-2022 09:02:59.965 mgr_gethash 28-Jan-2022 09:02:59.965 dns_request_createvia: request 0x7f768d857610 28-Jan-2022 09:02:59.965 dns_request_destroy: request 0x7f768d857790 28-Jan-2022 09:02:59.965 req_destroy: request 0x7f768d857790 28-Jan-2022 09:02:59.965 requestmgr_detach: 0x7f768d8511c8: eref 1 iref 1 28-Jan-2022 09:02:59.965 req_connected: request 0x7f768d857610 28-Jan-2022 09:02:59.965 req_send: request 0x7f768d857610 28-Jan-2022 09:02:59.965 req_senddone: request 0x7f768d857610 28-Jan-2022 09:03:00.005 req_response: request 0x7f768d857610: success 28-Jan-2022 09:03:00.005 req_cancel: request 0x7f768d857610 28-Jan-2022 09:03:00.005 req_sendevent: request 0x7f768d857610 28-Jan-2022 09:03:00.005 dns_request_getresponse: request 0x7f768d857610 28-Jan-2022 09:03:00.005 GSS verify error: GSSAPI error: Major = A token had an invalid Message Integrity Check (MIC), Minor = Success. 28-Jan-2022 09:03:00.005 tsig key '4222350327.sig-dc1.network-1.net' (<null>): signature failed to verify(1) ; TSIG error with server: tsig verify failure 28-Jan-2022 09:03:00.005 dns_request_destroy: request 0x7f768d857610 28-Jan-2022 09:03:00.005 req_destroy: request 0x7f768d857610 28-Jan-2022 09:03:00.005 requestmgr_detach: 0x7f768d8511c8: eref 1 iref 0 28-Jan-2022 09:03:00.005 dns_requestmgr_shutdown: 0x7f768d8511c8 28-Jan-2022 09:03:00.005 send_shutdown_events: 0x7f768d8511c8 28-Jan-2022 09:03:00.005 dns_requestmgr_detach: 0x7f768d8511c8: eref 0 iref 0 28-Jan-2022 09:03:00.005 mgr_destroy Failed nsupdate: 2 update(nsupdate): SRV _ldap._tcp.Default-First-Site-Name._ sites.ForestDnsZones.network-1.net dc1.network-1.net 389 Calling nsupdate for SRV _ldap._tcp.Default-First-Site-Name._ sites.ForestDnsZones.network-1.net dc1.network-1.net 389 (add) Starting GENSEC mechanism gssapi_krb5_sasl GSSAPI credentials for DC1$@NETWORK-1.NET will expire in 35988 secs gensec_update_send: gssapi_krb5_sasl[0x564b018d5f80]: subreq: 0x564b015950e0 gensec_update_done: gssapi_krb5_sasl[0x564b018d5f80]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x564b015950e0/../../source4/auth/gensec/gensec_gssapi.c:1057]: state[2] error[0 (0x0)] state[struct gensec_gssapi_update_state (0x564b015952a0)] timer[(nil)] finish[../../source4/auth/gensec/gensec_gssapi.c:1068] Successfully obtained Kerberos ticket to DNS/dc1.network-1.net as DC1$ 28-Jan-2022 09:03:00.275 dns_requestmgr_create 28-Jan-2022 09:03:00.275 dns_requestmgr_create: 0x7ff91f5df1c8 Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.network-1.net.900 IN SRV 0 100 389 dc1.network-1.net. 28-Jan-2022 09:03:00.275 dns_request_createvia 28-Jan-2022 09:03:00.285 request_render 28-Jan-2022 09:03:00.285 requestmgr_attach: 0x7ff91f5df1c8: eref 1 iref 1 28-Jan-2022 09:03:00.285 mgr_gethash 28-Jan-2022 09:03:00.285 req_send: request 0x7ff91f5e5610 28-Jan-2022 09:03:00.285 dns_request_createvia: request 0x7ff91f5e5610 28-Jan-2022 09:03:00.285 req_senddone: request 0x7ff91f5e5610 28-Jan-2022 09:03:00.285 req_response: request 0x7ff91f5e5610: success 28-Jan-2022 09:03:00.285 req_cancel: request 0x7ff91f5e5610 28-Jan-2022 09:03:00.285 req_sendevent: request 0x7ff91f5e5610 28-Jan-2022 09:03:00.285 dns_request_getresponse: request 0x7ff91f5e5610 28-Jan-2022 09:03:00.295 dns_request_createvia 28-Jan-2022 09:03:00.295 request_render 28-Jan-2022 09:03:00.295 requestmgr_attach: 0x7ff91f5df1c8: eref 1 iref 2 28-Jan-2022 09:03:00.295 mgr_gethash 28-Jan-2022 09:03:00.295 dns_request_createvia: request 0x7ff91f5e5790 28-Jan-2022 09:03:00.295 dns_request_destroy: request 0x7ff91f5e5610 28-Jan-2022 09:03:00.295 req_destroy: request 0x7ff91f5e5610 28-Jan-2022 09:03:00.295 requestmgr_detach: 0x7ff91f5df1c8: eref 1 iref 1 28-Jan-2022 09:03:00.295 req_connected: request 0x7ff91f5e5790 28-Jan-2022 09:03:00.295 req_send: request 0x7ff91f5e5790 28-Jan-2022 09:03:00.305 req_senddone: request 0x7ff91f5e5790 28-Jan-2022 09:03:00.335 req_response: request 0x7ff91f5e5790: success 28-Jan-2022 09:03:00.335 req_cancel: request 0x7ff91f5e5790 28-Jan-2022 09:03:00.335 req_sendevent: request 0x7ff91f5e5790 28-Jan-2022 09:03:00.335 dns_request_getresponse: request 0x7ff91f5e5790 28-Jan-2022 09:03:00.335 dns_request_createvia 28-Jan-2022 09:03:00.335 request_render 28-Jan-2022 09:03:00.335 requestmgr_attach: 0x7ff91f5df1c8: eref 1 iref 2 28-Jan-2022 09:03:00.335 mgr_gethash 28-Jan-2022 09:03:00.335 dns_request_createvia: request 0x7ff91f5e5610 28-Jan-2022 09:03:00.335 dns_request_destroy: request 0x7ff91f5e5790 28-Jan-2022 09:03:00.335 req_destroy: request 0x7ff91f5e5790 28-Jan-2022 09:03:00.335 requestmgr_detach: 0x7ff91f5df1c8: eref 1 iref 1 28-Jan-2022 09:03:00.335 req_connected: request 0x7ff91f5e5610 28-Jan-2022 09:03:00.335 req_send: request 0x7ff91f5e5610 28-Jan-2022 09:03:00.345 req_senddone: request 0x7ff91f5e5610 28-Jan-2022 09:03:00.365 req_response: request 0x7ff91f5e5610: success 28-Jan-2022 09:03:00.365 req_cancel: request 0x7ff91f5e5610 28-Jan-2022 09:03:00.365 req_sendevent: request 0x7ff91f5e5610 28-Jan-2022 09:03:00.365 dns_request_getresponse: request 0x7ff91f5e5610 28-Jan-2022 09:03:00.365 GSS verify error: GSSAPI error: Major = A token had an invalid Message Integrity Check (MIC), Minor = Success. 28-Jan-2022 09:03:00.365 tsig key '3433197691.sig-dc1.network-1.net' (<null>): signature failed to verify(1) ; TSIG error with server: tsig verify failure 28-Jan-2022 09:03:00.365 dns_request_destroy: request 0x7ff91f5e5610 28-Jan-2022 09:03:00.365 req_destroy: request 0x7ff91f5e5610 28-Jan-2022 09:03:00.365 requestmgr_detach: 0x7ff91f5df1c8: eref 1 iref 0 28-Jan-2022 09:03:00.375 dns_requestmgr_shutdown: 0x7ff91f5df1c8 28-Jan-2022 09:03:00.375 send_shutdown_events: 0x7ff91f5df1c8 28-Jan-2022 09:03:00.375 dns_requestmgr_detach: 0x7ff91f5df1c8: eref 0 iref 0 28-Jan-2022 09:03:00.375 mgr_destroy Data from /var/log/samba/ [2022/01/28 03:02:57.729026, 2] ../../source4/dns_server/dns_update.c:824(dns_server_process_update) Got a dns update request. [2022/01/28 03:02:57.729226, 2] ../../source4/dns_server/dns_update.c:771(dns_update_allowed) All updates allowed. [2022/01/28 03:02:57.732085, 2] ../../source4/dns_server/dns_update.c:397(handle_one_update) Looking at record: [2022/01/28 03:02:57.732402, 2] ../../source4/dns_server/dns_update.c:398(handle_one_update) [2022/01/28 03:02:57.732479, 1] ../../librpc/ndr/ndr.c:435(ndr_print_debug) discard_const(update): struct dns_res_rec name : '_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.network-1.net' rr_type : DNS_QTYPE_SRV (0x21) rr_class : DNS_QCLASS_IN (0x1) ttl : 0x00000384 (900) length : 0x0019 (25) rdata : union dns_rdata(case 0x21) srv_record: struct dns_srv_record priority : 0x0000 (0) weight : 0x0064 (100) port : 0x0cc4 (3268) target : 'dc1.network-1.net' unexpected : DATA_BLOB length=0 [2022/01/28 03:02:57.885790, 2] ../../source4/kdc/db-glue.c:643(samba_kdc_message2entry_keys) Unsupported keytype ignored - type 3 [2022/01/28 03:02:57.888483, 2] ../../source4/kdc/db-glue.c:643(samba_kdc_message2entry_keys) Unsupported keytype ignored - type 1 [2022/01/28 03:02:58.045607, 2] ../../source4/dns_server/dns_update.c:824(dns_server_process_update) Got a dns update request. [2022/01/28 03:02:58.045825, 2] ../../source4/dns_server/dns_update.c:771(dns_update_allowed) All updates allowed. [2022/01/28 03:02:58.048526, 2] ../../source4/dns_server/dns_update.c:397(handle_one_update) Looking at record: [2022/01/28 03:02:58.048741, 2] ../../source4/dns_server/dns_update.c:398(handle_one_update) [2022/01/28 03:02:58.048816, 1] ../../librpc/ndr/ndr.c:435(ndr_print_debug) discard_const(update): struct dns_res_rec name : 'DomainDnsZones.network-1.net' rr_type : DNS_QTYPE_A (0x1) rr_class : DNS_QCLASS_IN (0x1) ttl : 0x00000384 (900) length : 0x0004 (4) rdata : union dns_rdata(case 0x1) ipv4_record : 10.0.0.3 unexpected : DATA_BLOB length=0 [2022/01/28 03:02:58.188259, 2] ../../source4/kdc/db-glue.c:643(samba_kdc_message2entry_keys) Unsupported keytype ignored - type 3 [2022/01/28 03:02:58.188499, 2] ../../source4/kdc/db-glue.c:643(samba_kdc_message2entry_keys) Unsupported keytype ignored - type 1
L.P.H. van Belle
2022-Jan-28 10:15 UTC
[Samba] nsupdate failed: GSSAPI error: A token had an invalid message integrity check
On AD-DC or Member ? Which samba version is this? Whats in smb.conf and krb5.conf Key type 3 is DES_CBC_MD5 to give a hint. We do need more info on this to help better. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Michael Jones via samba > Verzonden: vrijdag 28 januari 2022 10:15 > Aan: sambalist > Onderwerp: [Samba] nsupdate failed: GSSAPI error: A token had > an invalid message integrity check > > I'm troubleshooting why I'm getting > > > 28-Jan-2022 09:03:00.005 GSS verify error: GSSAPI error: > Major = A token > had an invalid Message Integrity Check (MIC), Minor = Success. > > when running > > > samba_dnsupdate --verbose --all-names > > As the root user on my domain controller. > > Had to crank the debugging options up to get the actual error (quoted > above). > > > samba_dnsupdate --verbose --all-names --debuglevel=10 --verbose > > with > > > nsupdate command = /usr/bin/nsupdate -g -L10 > > in my smb.conf > > There's no information about this in google, that I can tell. > And the error > messages aren't giving me much to go on. > > This domain controller has been running since at least 2017, > and upgraded > regularly as my linux distro updates samba. So it's plausible that i'm > running into a problem caused by an earlier version of samba > that is only > manifesting now. > > Any advice? > > > > > Truncated command output follows immediately, followed by > example snippets > out of /var/log/samba. > > update(nsupdate): SRV _ldap._tcp.ForestDnsZones.network-1.net > dc1.network-1.net 389 > Calling nsupdate for SRV _ldap._tcp.ForestDnsZones.network-1.net > dc1.network-1.net 389 (add) > Starting GENSEC mechanism gssapi_krb5_sasl > GSSAPI credentials for DC1$@NETWORK-1.NET will expire in 35989 secs > gensec_update_send: gssapi_krb5_sasl[0x564b018d5f80]: subreq: > 0x564b015950e0 > gensec_update_done: gssapi_krb5_sasl[0x564b018d5f80]: > NT_STATUS_MORE_PROCESSING_REQUIRED > tevent_req[0x564b015950e0/../../source4/auth/gensec/gensec_gss > api.c:1057]: > state[2] error[0 (0x0)] state[struct gensec_gssapi_update_state > (0x564b015952a0)] timer[(nil)] > finish[../../source4/auth/gensec/gensec_gssapi.c:1068] > Successfully obtained Kerberos ticket to DNS/dc1.network-1.net as DC1$ > 28-Jan-2022 09:02:59.885 dns_requestmgr_create > 28-Jan-2022 09:02:59.885 dns_requestmgr_create: 0x7f768d8511c8 > Outgoing update query: > ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0 > ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 > ;; UPDATE SECTION: > _ldap._tcp.ForestDnsZones.network-1.net. 900 INSRV 0 100 389 > dc1.network-1.net. > > 28-Jan-2022 09:02:59.895 dns_request_createvia > 28-Jan-2022 09:02:59.895 request_render > 28-Jan-2022 09:02:59.905 requestmgr_attach: 0x7f768d8511c8: > eref 1 iref 1 > 28-Jan-2022 09:02:59.905 mgr_gethash > 28-Jan-2022 09:02:59.905 req_send: request 0x7f768d857610 > 28-Jan-2022 09:02:59.905 dns_request_createvia: request 0x7f768d857610 > 28-Jan-2022 09:02:59.905 req_senddone: request 0x7f768d857610 > 28-Jan-2022 09:02:59.905 req_response: request 0x7f768d857610: success > 28-Jan-2022 09:02:59.905 req_cancel: request 0x7f768d857610 > 28-Jan-2022 09:02:59.905 req_sendevent: request 0x7f768d857610 > 28-Jan-2022 09:02:59.905 dns_request_getresponse: request > 0x7f768d857610 > 28-Jan-2022 09:02:59.915 dns_request_createvia > 28-Jan-2022 09:02:59.915 request_render > 28-Jan-2022 09:02:59.915 requestmgr_attach: 0x7f768d8511c8: > eref 1 iref 2 > 28-Jan-2022 09:02:59.915 mgr_gethash > 28-Jan-2022 09:02:59.915 dns_request_createvia: request 0x7f768d857790 > 28-Jan-2022 09:02:59.915 dns_request_destroy: request 0x7f768d857610 > 28-Jan-2022 09:02:59.915 req_destroy: request 0x7f768d857610 > 28-Jan-2022 09:02:59.915 requestmgr_detach: 0x7f768d8511c8: > eref 1 iref 1 > 28-Jan-2022 09:02:59.915 req_connected: request 0x7f768d857790 > 28-Jan-2022 09:02:59.915 req_send: request 0x7f768d857790 > 28-Jan-2022 09:02:59.915 req_senddone: request 0x7f768d857790 > 28-Jan-2022 09:02:59.965 req_response: request 0x7f768d857790: success > 28-Jan-2022 09:02:59.965 req_cancel: request 0x7f768d857790 > 28-Jan-2022 09:02:59.965 req_sendevent: request 0x7f768d857790 > 28-Jan-2022 09:02:59.965 dns_request_getresponse: request > 0x7f768d857790 > 28-Jan-2022 09:02:59.965 dns_request_createvia > 28-Jan-2022 09:02:59.965 request_render > 28-Jan-2022 09:02:59.965 requestmgr_attach: 0x7f768d8511c8: > eref 1 iref 2 > 28-Jan-2022 09:02:59.965 mgr_gethash > 28-Jan-2022 09:02:59.965 dns_request_createvia: request 0x7f768d857610 > 28-Jan-2022 09:02:59.965 dns_request_destroy: request 0x7f768d857790 > 28-Jan-2022 09:02:59.965 req_destroy: request 0x7f768d857790 > 28-Jan-2022 09:02:59.965 requestmgr_detach: 0x7f768d8511c8: > eref 1 iref 1 > 28-Jan-2022 09:02:59.965 req_connected: request 0x7f768d857610 > 28-Jan-2022 09:02:59.965 req_send: request 0x7f768d857610 > 28-Jan-2022 09:02:59.965 req_senddone: request 0x7f768d857610 > 28-Jan-2022 09:03:00.005 req_response: request 0x7f768d857610: success > 28-Jan-2022 09:03:00.005 req_cancel: request 0x7f768d857610 > 28-Jan-2022 09:03:00.005 req_sendevent: request 0x7f768d857610 > 28-Jan-2022 09:03:00.005 dns_request_getresponse: request > 0x7f768d857610 > 28-Jan-2022 09:03:00.005 GSS verify error: GSSAPI error: > Major = A token > had an invalid Message Integrity Check (MIC), Minor = Success. > 28-Jan-2022 09:03:00.005 tsig key '4222350327.sig-dc1.network-1.net' > (<null>): signature failed to verify(1) > ; TSIG error with server: tsig verify failure > 28-Jan-2022 09:03:00.005 dns_request_destroy: request 0x7f768d857610 > 28-Jan-2022 09:03:00.005 req_destroy: request 0x7f768d857610 > 28-Jan-2022 09:03:00.005 requestmgr_detach: 0x7f768d8511c8: > eref 1 iref 0 > 28-Jan-2022 09:03:00.005 dns_requestmgr_shutdown: 0x7f768d8511c8 > 28-Jan-2022 09:03:00.005 send_shutdown_events: 0x7f768d8511c8 > 28-Jan-2022 09:03:00.005 dns_requestmgr_detach: > 0x7f768d8511c8: eref 0 iref > 0 > 28-Jan-2022 09:03:00.005 mgr_destroy > Failed nsupdate: 2 > update(nsupdate): SRV _ldap._tcp.Default-First-Site-Name._ > sites.ForestDnsZones.network-1.net dc1.network-1.net 389 > Calling nsupdate for SRV _ldap._tcp.Default-First-Site-Name._ > sites.ForestDnsZones.network-1.net dc1.network-1.net 389 (add) > Starting GENSEC mechanism gssapi_krb5_sasl > GSSAPI credentials for DC1$@NETWORK-1.NET will expire in 35988 secs > gensec_update_send: gssapi_krb5_sasl[0x564b018d5f80]: subreq: > 0x564b015950e0 > gensec_update_done: gssapi_krb5_sasl[0x564b018d5f80]: > NT_STATUS_MORE_PROCESSING_REQUIRED > tevent_req[0x564b015950e0/../../source4/auth/gensec/gensec_gss > api.c:1057]: > state[2] error[0 (0x0)] state[struct gensec_gssapi_update_state > (0x564b015952a0)] timer[(nil)] > finish[../../source4/auth/gensec/gensec_gssapi.c:1068] > Successfully obtained Kerberos ticket to DNS/dc1.network-1.net as DC1$ > 28-Jan-2022 09:03:00.275 dns_requestmgr_create > 28-Jan-2022 09:03:00.275 dns_requestmgr_create: 0x7ff91f5df1c8 > Outgoing update query: > ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0 > ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 > ;; UPDATE SECTION: > _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.netwo > rk-1.net.900 > IN SRV 0 100 389 dc1.network-1.net. > > 28-Jan-2022 09:03:00.275 dns_request_createvia > 28-Jan-2022 09:03:00.285 request_render > 28-Jan-2022 09:03:00.285 requestmgr_attach: 0x7ff91f5df1c8: > eref 1 iref 1 > 28-Jan-2022 09:03:00.285 mgr_gethash > 28-Jan-2022 09:03:00.285 req_send: request 0x7ff91f5e5610 > 28-Jan-2022 09:03:00.285 dns_request_createvia: request 0x7ff91f5e5610 > 28-Jan-2022 09:03:00.285 req_senddone: request 0x7ff91f5e5610 > 28-Jan-2022 09:03:00.285 req_response: request 0x7ff91f5e5610: success > 28-Jan-2022 09:03:00.285 req_cancel: request 0x7ff91f5e5610 > 28-Jan-2022 09:03:00.285 req_sendevent: request 0x7ff91f5e5610 > 28-Jan-2022 09:03:00.285 dns_request_getresponse: request > 0x7ff91f5e5610 > 28-Jan-2022 09:03:00.295 dns_request_createvia > 28-Jan-2022 09:03:00.295 request_render > 28-Jan-2022 09:03:00.295 requestmgr_attach: 0x7ff91f5df1c8: > eref 1 iref 2 > 28-Jan-2022 09:03:00.295 mgr_gethash > 28-Jan-2022 09:03:00.295 dns_request_createvia: request 0x7ff91f5e5790 > 28-Jan-2022 09:03:00.295 dns_request_destroy: request 0x7ff91f5e5610 > 28-Jan-2022 09:03:00.295 req_destroy: request 0x7ff91f5e5610 > 28-Jan-2022 09:03:00.295 requestmgr_detach: 0x7ff91f5df1c8: > eref 1 iref 1 > 28-Jan-2022 09:03:00.295 req_connected: request 0x7ff91f5e5790 > 28-Jan-2022 09:03:00.295 req_send: request 0x7ff91f5e5790 > 28-Jan-2022 09:03:00.305 req_senddone: request 0x7ff91f5e5790 > 28-Jan-2022 09:03:00.335 req_response: request 0x7ff91f5e5790: success > 28-Jan-2022 09:03:00.335 req_cancel: request 0x7ff91f5e5790 > 28-Jan-2022 09:03:00.335 req_sendevent: request 0x7ff91f5e5790 > 28-Jan-2022 09:03:00.335 dns_request_getresponse: request > 0x7ff91f5e5790 > 28-Jan-2022 09:03:00.335 dns_request_createvia > 28-Jan-2022 09:03:00.335 request_render > 28-Jan-2022 09:03:00.335 requestmgr_attach: 0x7ff91f5df1c8: > eref 1 iref 2 > 28-Jan-2022 09:03:00.335 mgr_gethash > 28-Jan-2022 09:03:00.335 dns_request_createvia: request 0x7ff91f5e5610 > 28-Jan-2022 09:03:00.335 dns_request_destroy: request 0x7ff91f5e5790 > 28-Jan-2022 09:03:00.335 req_destroy: request 0x7ff91f5e5790 > 28-Jan-2022 09:03:00.335 requestmgr_detach: 0x7ff91f5df1c8: > eref 1 iref 1 > 28-Jan-2022 09:03:00.335 req_connected: request 0x7ff91f5e5610 > 28-Jan-2022 09:03:00.335 req_send: request 0x7ff91f5e5610 > 28-Jan-2022 09:03:00.345 req_senddone: request 0x7ff91f5e5610 > 28-Jan-2022 09:03:00.365 req_response: request 0x7ff91f5e5610: success > 28-Jan-2022 09:03:00.365 req_cancel: request 0x7ff91f5e5610 > 28-Jan-2022 09:03:00.365 req_sendevent: request 0x7ff91f5e5610 > 28-Jan-2022 09:03:00.365 dns_request_getresponse: request > 0x7ff91f5e5610 > 28-Jan-2022 09:03:00.365 GSS verify error: GSSAPI error: > Major = A token > had an invalid Message Integrity Check (MIC), Minor = Success. > 28-Jan-2022 09:03:00.365 tsig key '3433197691.sig-dc1.network-1.net' > (<null>): signature failed to verify(1) > ; TSIG error with server: tsig verify failure > 28-Jan-2022 09:03:00.365 dns_request_destroy: request 0x7ff91f5e5610 > 28-Jan-2022 09:03:00.365 req_destroy: request 0x7ff91f5e5610 > 28-Jan-2022 09:03:00.365 requestmgr_detach: 0x7ff91f5df1c8: > eref 1 iref 0 > 28-Jan-2022 09:03:00.375 dns_requestmgr_shutdown: 0x7ff91f5df1c8 > 28-Jan-2022 09:03:00.375 send_shutdown_events: 0x7ff91f5df1c8 > 28-Jan-2022 09:03:00.375 dns_requestmgr_detach: > 0x7ff91f5df1c8: eref 0 iref > 0 > 28-Jan-2022 09:03:00.375 mgr_destroy > > > > > > > > > > > > > Data from /var/log/samba/ > > > > [2022/01/28 03:02:57.729026, 2] > ../../source4/dns_server/dns_update.c:824(dns_server_process_update) > Got a dns update request. > [2022/01/28 03:02:57.729226, 2] > ../../source4/dns_server/dns_update.c:771(dns_update_allowed) > All updates allowed. > [2022/01/28 03:02:57.732085, 2] > ../../source4/dns_server/dns_update.c:397(handle_one_update) > Looking at record: > [2022/01/28 03:02:57.732402, 2] > ../../source4/dns_server/dns_update.c:398(handle_one_update) > [2022/01/28 03:02:57.732479, 1] > ../../librpc/ndr/ndr.c:435(ndr_print_debug) > discard_const(update): struct dns_res_rec > name : > '_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.network-1.net' > rr_type : DNS_QTYPE_SRV (0x21) > rr_class : DNS_QCLASS_IN (0x1) > ttl : 0x00000384 (900) > length : 0x0019 (25) > rdata : union dns_rdata(case 0x21) > srv_record: struct dns_srv_record > priority : 0x0000 (0) > weight : 0x0064 (100) > port : 0x0cc4 (3268) > target : 'dc1.network-1.net' > unexpected : DATA_BLOB length=0 > [2022/01/28 03:02:57.885790, 2] > ../../source4/kdc/db-glue.c:643(samba_kdc_message2entry_keys) > Unsupported keytype ignored - type 3 > [2022/01/28 03:02:57.888483, 2] > ../../source4/kdc/db-glue.c:643(samba_kdc_message2entry_keys) > Unsupported keytype ignored - type 1 > [2022/01/28 03:02:58.045607, 2] > ../../source4/dns_server/dns_update.c:824(dns_server_process_update) > Got a dns update request. > [2022/01/28 03:02:58.045825, 2] > ../../source4/dns_server/dns_update.c:771(dns_update_allowed) > All updates allowed. > [2022/01/28 03:02:58.048526, 2] > ../../source4/dns_server/dns_update.c:397(handle_one_update) > Looking at record: > [2022/01/28 03:02:58.048741, 2] > ../../source4/dns_server/dns_update.c:398(handle_one_update) > [2022/01/28 03:02:58.048816, 1] > ../../librpc/ndr/ndr.c:435(ndr_print_debug) > discard_const(update): struct dns_res_rec > name : 'DomainDnsZones.network-1.net' > rr_type : DNS_QTYPE_A (0x1) > rr_class : DNS_QCLASS_IN (0x1) > ttl : 0x00000384 (900) > length : 0x0004 (4) > rdata : union dns_rdata(case 0x1) > ipv4_record : 10.0.0.3 > unexpected : DATA_BLOB length=0 > [2022/01/28 03:02:58.188259, 2] > ../../source4/kdc/db-glue.c:643(samba_kdc_message2entry_keys) > Unsupported keytype ignored - type 3 > [2022/01/28 03:02:58.188499, 2] > ../../source4/kdc/db-glue.c:643(samba_kdc_message2entry_keys) > Unsupported keytype ignored - type 1 > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >