Jason Michaelson
2015-Oct-10 01:10 UTC
[Samba] Adding a new DC to an existing Windows domain.
My network is set up with BIND 9 servers (all Linux) that are separate from my AD servers: ns-master, ns1, and ns2, with ns-master being the target of the SOA record for the zones. ns1 and ns2 are joined to my AD domain running Samba; ns-master is standalone. I have 2 existing DCs, one running Windows 2k3R2 and the other running Windows 2k8R2.

I'm looking to add a Samba DC to the domain, and the add works fine, and the new DC appears correctly in both AD Users and Computers and AD Sites and Services. The problem I'm having is that samba_dnsupdate is failing with the following errors for each attempted record update:

    tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Server not found in Kerberos database.

If I manually run nsupdate with the tmp file samba_dnsupdate leaves behind when it fails, the relevant record gets updated appropriately. tcpdump and Wireshark seem to indicate that the new DC is putting out a Kerberos TGS-REQ request for a kRB5-NT-PRINCIPAL looking for ns-master's FQDN, after gathering it from an SOA lookup on its own name.

What sort of configuration would I be missing here that's keeping this from working correctly? A search on Google for the tkey error above doesn't result in a whole lot of hits.

Thanks in advance for any help!

jdm