#1 2021-03-08 11:00:48

lihp
Member
Registered: 2021-03-08
Posts: 6

samba dynamic updates - TSIG error

System:
- current Arch Linux on Epyc, new installation
- samba AD DC configured once with internal-dns, once with BIND9

Error:
On any version (Internal, BIND9) the command
# samba_dnsupdate --verbose --all-names
results in screen filling up with DDNS and error messages. The last three lines:

; TSIG error with server: tsig verify failure
Failed nsupdate: 2
Failed update of 34 entries

I am out of ideas as to where the error messages come from. Old search results say that these messages can be safely ignored. Yet I did have issues with clients and DDNS and Kerberos. So I reinstalled with the BIND9 backend to no avail - same error.

Any hint where I went wrong or what I have overlooked is greatly appreciated.

my smb.conf:
# Global parameters
[global]
        netbios name = dc1
        realm = INTRANET.DOMAIN.TLD
        server role = active directory domain controller
        server services = dns, s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
        workgroup = INTRANET
        idmap_ldb:use rfc2307 = yes
        tls enabled  = yes
        tls keyfile  = tls/key.pem
        tls certfile = tls/cert.pem
        tls cafile   = tls/ca.pem

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

[netlogon]
        path = /var/lib/samba/sysvol/intranet.domain.tld/scripts
        read only = No

Offline

#2 2021-03-08 11:40:41

hortimech
Member
Registered: 2020-10-09
Posts: 9

Re: samba dynamic updates - TSIG error

At the moment, your DC is using the internal dns server, but you do not have any forwarders.

Does the DC use its own IP address (not 127.0.0.1) as its first nameserver in /etc/resolv.conf?

Offline

#3 2021-03-08 13:35:23

lihp
Member
Registered: 2021-03-08
Posts: 6

Re: samba dynamic updates - TSIG error

hortimech wrote:

At the moment, your DC is using the internal dns server, but you do not have any forwarders.

Do you need to configure the forwarder in smb.conf too when using BIND9? I assumed configuring in BIND is sufficient.

hortimech wrote:

Does the DC use its own IP address (not 127.0.0.1) as its first nameserver in /etc/resolv.conf?

It uses 127.0.0.1 and ::1

Did the following:
1. disable IPv6 for now until it works under IPv4
2. Set forwarder in smb.conf and
3. set IP address (not 127.0.0.1) for resolv.
4. edited hosts ofc too

# samba_dnsupdate --verbose --all-names

result (just snippets):


(...)

force update: SRV _ldap._tcp.ForestDnsZones.intranet.example.com dc1.intranet.example.com 389
force update: SRV _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.intranet.example.com dc1.intranet.example.com 389
29 DNS updates and 0 DNS deletes needed
Successfully obtained Kerberos ticket to DNS/dc1.intranet.example.com as dc1$
update(nsupdate): A dc1.intranet.example.com 192.168.178.204
Calling nsupdate for A dc1.intranet.example.com 192.168.178.204 (add)
Successfully obtained Kerberos ticket to DNS/dc1.intranet.example.com as dc1$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
dc1.intranet.example.com. 900 IN A    192.168.178.204

; TSIG error with server: tsig verify failure
Failed nsupdate: 2
update(nsupdate): CNAME 085a9ea9-7f3a-4048-88ee-db948fa2975f._msdcs.intranet.example.com dc1.intranet.example.com
Calling nsupdate for CNAME 085a9ea9-7f3a-4048-88ee-db948fa2975f._msdcs.intranet.example.com dc1.intranet.example.com (add)
Successfully obtained Kerberos ticket to DNS/dc1.intranet.example.com as dc1$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
085a9ea9-7f3a-4048-88ee-db948fa2975f._msdcs.intranet.example.com. 900 IN CNAME dc1.intranet.example.com.

; TSIG error with server: tsig verify failure
Failed nsupdate: 2

(...)

update(nsupdate): SRV _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.intranet.example.com dc1.intranet.example.com 389
Calling nsupdate for SRV _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.intranet.example.com dc1.intranet.example.com 389 (add)
Successfully obtained Kerberos ticket to DNS/dc1.intranet.example.com as dc1$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.intranet.example.com. 900 IN SRV 0 100 389 dc1.intranet.example.com.

; TSIG error with server: tsig verify failure
Failed nsupdate: 2
Failed update of 29 entries


---------

/etc/hosts
# Static table lookup for hostnames.
# See hosts(5) for details
192.168.178.204 dc1.intranet.example.com dc1
127.0.0.1 dc1.intranet.example.com dc1 localhost localhost.localdomain localhost4 localhost4.localdomain4

/etc/resolv.conf
search intranet.example.com
nameserver 192.168.178.204

Last edited by lihp (2021-03-08 13:50:18)

Offline

#4 2021-03-08 13:50:50

lihp
Member
Registered: 2021-03-08
Posts: 6

Re: samba dynamic updates - TSIG error

PS: updated post - 4. for changes, added hosts and resolv.conf

Offline

#5 2021-03-08 13:55:54

hortimech
Member
Registered: 2020-10-09
Posts: 9

Re: samba dynamic updates - TSIG error

Setting the forwarders in the bind9 conf files would be enough, but you are not using bind9 (if you are using the smb.conf you posted): your 'server services' line has 'dns' in it, which means you are using the internal dns server.
When you 'tried' to upgrade to bind9, did you run 'samba_upgradedns'?

Offline
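
Added example, not part of any post in this thread: a small offline check of the two things asked about above, namely whether 'server services' still enables the internal DNS server and whether the first nameserver in /etc/resolv.conf is a loopback address. The sample inputs are constructed from the files quoted in the thread; the function names and finding codes are hypothetical.

```python
import ipaddress

# Constructed sample: [global] section as first posted in #1 (internal DNS).
POST1_SMB_CONF = """
[global]
        netbios name = dc1
        realm = INTRANET.DOMAIN.TLD
        server role = active directory domain controller
        server services = dns, s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
"""
# Constructed sample: [global] section from #6 (no 'dns', forwarder set).
POST6_SMB_CONF = """
[global]
        netbios name = DC1
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
        dns forwarder = 192.168.178.1
"""
RESOLV_LOOPBACK = "nameserver 127.0.0.1\nnameserver ::1\n"
RESOLV_OWN_IP = "search intranet.example.com\nnameserver 192.168.178.204\n"


def global_params(smb_conf_text):
    """Return [global] parameters keyed by name without case or whitespace."""
    params, section = {}, None
    for raw in smb_conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # smb.conf parameter names are compared ignoring case and spaces
            params["".join(key.lower().split())] = value.strip()
    return params


def internal_dns_enabled(params):
    """True if the internal DNS server ('dns') is among the server services."""
    value = params.get("serverservices")
    if value is None:
        return True  # Samba's default service list includes 'dns'
    items = [i.strip().lower() for i in value.split(",") if i.strip()]
    if any(i[0] in "+-" for i in items):
        # '+x' / '-x' entries modify the default list instead of replacing it
        return "-dns" not in items
    return "dns" in items


def first_nameserver(resolv_conf_text):
    """Return the address on the first 'nameserver' line, or None."""
    for raw in resolv_conf_text.splitlines():
        fields = raw.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            return fields[1]
    return None


def audit(smb_conf_text, resolv_conf_text):
    """Return {'internal_dns': bool, 'findings': [(code, message), ...]}."""
    params = global_params(smb_conf_text)
    internal = internal_dns_enabled(params)
    has_forwarder = bool(params.get("dnsforwarder"))
    findings = []
    if internal and not has_forwarder:
        findings.append(("no-forwarder",
                         "internal DNS is enabled but 'dns forwarder' is not set"))
    if not internal and has_forwarder:
        findings.append(("forwarder-unused",
                         "'dns' is not in 'server services'; with BIND9 the "
                         "forwarders belong in the BIND configuration"))
    ns = first_nameserver(resolv_conf_text)
    if ns is None:
        findings.append(("no-resolver", "no nameserver line in resolv.conf"))
    else:
        try:
            if ipaddress.ip_address(ns.split("%")[0]).is_loopback:
                findings.append(("loopback-resolver",
                                 f"first nameserver is {ns}, not the DC's own IP"))
        except ValueError:
            findings.append(("bad-resolver", f"unparsable nameserver {ns!r}"))
    return {"internal_dns": internal, "findings": findings}


if __name__ == "__main__":
    for conf, resolv in ((POST1_SMB_CONF, RESOLV_LOOPBACK),
                         (POST6_SMB_CONF, RESOLV_OWN_IP)):
        print(audit(conf, resolv))
```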

#6 2021-03-08 14:43:36

lihp
Member
Registered: 2021-03-08
Posts: 6

Re: samba dynamic updates - TSIG error

hortimech wrote:

Setting the forwarders in the bind9 conf files would be enough, but you are not using bind9 (if you are using the smb.conf you posted): your 'server services' line has 'dns' in it, which means you are using the internal dns server.
When you 'tried' to upgrade to bind9, did you run 'samba_upgradedns'?

My bad, I had already tested with internal again when I posted the smb.conf.

The local DNS changed the behaviour. Changes:
1. As shown above changed resolv.conf and hosts
2. switched back to BIND9
3. updated smb.conf

Current smb.conf:
# Global parameters
[global]
        netbios name = DC1
        realm = INTRANET.EXAMPLE.COM
        server role = active directory domain controller
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
        workgroup = INTRANET
        dns forwarder = 192.168.178.1
        idmap_ldb:use rfc2307 = yes
        tls enabled  = yes
        tls keyfile  = tls/key.pem
        tls certfile = tls/cert.pem
        tls cafile   = tls/ca.pem

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

[netlogon]
        path = /var/lib/samba/sysvol/intranet.example.com/scripts
        read only = No
----------------
Can samba even work with this BIND version?

[root@dc1 ~]# named -v
BIND 9.16.12 (Stable Release) <id:aeb943d>
[root@dc1 ~]# samba -V
Version 4.13.4

----------------

The error on dynamic DNS updates changed to:

dns_tkey_gssnegotiate: TKEY is unacceptable
Failed nsupdate: 1
Failed update of 29 entries

----------------

For that error I checked according to: https://wiki.samba.org/index.php/Dns_tk … acceptable

To no avail. I can't seem to see where I went wrong.

Offline

#7 2021-03-08 14:48:37

lihp
Member
Registered: 2021-03-08
Posts: 6

Re: samba dynamic updates - TSIG error

PS: again, sorry for posting the wrong smb.conf - usually not my style. It's just: I have been sitting on failed dynamic DNS updates for some time - and I plainly don't see what's wrong ;(.

Offline

#8 2021-03-08 19:29:38

hortimech
Member
Registered: 2020-10-09
Posts: 9

Re: samba dynamic updates - TSIG error

When you are changing between dns servers, are you running 'samba_upgradedns', and if you are, are you running it correctly? Add '--help' to the command to see the various options.

Your version of Bind9 should be okay, there was a problem, but it was fixed in 4.12.x

You could try using '--use-samba-tool' with your 'samba_dnsupdate' command.

Offline

#9 2021-03-08 22:13:12

lihp
Member
Registered: 2021-03-08
Posts: 6

Re: samba dynamic updates - TSIG error

hortimech wrote:

When you are changing between dns servers, are you running 'samba_upgradedns', and if you are, are you running it correctly? Add '--help' to the command to see the various options.

samba_upgradedns --dns-backend=BIND9_DLZ

hortimech wrote:

Your version of Bind9 should be okay, there was a problem, but it was fixed in 4.12.x

Thank you.

hortimech wrote:

You could try using '--use-samba-tool' with your 'samba_dnsupdate' command.

I attached the output - it's different with --use-samba-tool:

--------------------------------------------------------------------------------
# samba_dnsupdate --verbose --all-names --use-samba-tool
IPs: ['192.168.178.204']
force update: A dc1.intranet.example.com 192.168.178.204
force update: CNAME 085a9ea9-7f3a-4048-88ee-db948fa2975f._msdcs.intranet.example.com dc1.intranet.example.com
force update: NS intranet.example.com dc1.intranet.example.com
force update: NS _msdcs.intranet.example.com dc1.intranet.example.com
force update: A intranet.example.com 192.168.178.204
force update: SRV _ldap._tcp.intranet.example.com dc1.intranet.example.com 389
force update: SRV _ldap._tcp.dc._msdcs.intranet.example.com dc1.intranet.example.com 389
force update: SRV _ldap._tcp.191857a8-808d-4410-b65e-64a0ff5b9386.domains._msdcs.intranet.example.com dc1.intranet.example.com 389
force update: SRV _kerberos._tcp.intranet.example.com dc1.intranet.example.com 88
force update: SRV _kerberos._udp.intranet.example.com dc1.intranet.example.com 88
force update: SRV _kerberos._tcp.dc._msdcs.intranet.example.com dc1.intranet.example.com 88
force update: SRV _kpasswd._tcp.intranet.example.com dc1.intranet.example.com 464
force update: SRV _kpasswd._udp.intranet.example.com dc1.intranet.example.com 464
force update: SRV _ldap._tcp.Default-First-Site-Name._sites.intranet.example.com dc1.intranet.example.com 389
force update: SRV _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.intranet.example.com dc1.intranet.example.com 389
force update: SRV _kerberos._tcp.Default-First-Site-Name._sites.intranet.example.com dc1.intranet.example.com 88
force update: SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.intranet.example.com dc1.intranet.example.com 88
force update: SRV _ldap._tcp.pdc._msdcs.intranet.example.com dc1.intranet.example.com 389
force update: A gc._msdcs.intranet.example.com 192.168.178.204
force update: SRV _gc._tcp.intranet.example.com dc1.intranet.example.com 3268
force update: SRV _ldap._tcp.gc._msdcs.intranet.example.com dc1.intranet.example.com 3268
force update: SRV _gc._tcp.Default-First-Site-Name._sites.intranet.example.com dc1.intranet.example.com 3268
force update: SRV _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.intranet.example.com dc1.intranet.example.com 3268
force update: A DomainDnsZones.intranet.example.com 192.168.178.204
force update: SRV _ldap._tcp.DomainDnsZones.intranet.example.com dc1.intranet.example.com 389
force update: SRV _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.intranet.example.com dc1.intranet.example.com 389
force update: A ForestDnsZones.intranet.example.com 192.168.178.204
force update: SRV _ldap._tcp.ForestDnsZones.intranet.example.com dc1.intranet.example.com 389
force update: SRV _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.intranet.example.com dc1.intranet.example.com 389
29 DNS updates and 0 DNS deletes needed
Successfully obtained Kerberos ticket to DNS/dc1.intranet.example.com as dc1$
update (samba-tool): A dc1.intranet.example.com 192.168.178.204
Calling samba-tool dns for A dc1.intranet.example.com 192.168.178.204 (add)
Calling samba-tool dns add -k no -P ['192.168.178.204', 'intranet.example.com', 'dc1', 'A', '192.168.178.204']
ERROR: Record already exist; record could not be added. zone[intranet.example.com] name[dc1]
Failed 'samba-tool dns' based update of A dc1.intranet.example.com 192.168.178.204
update (samba-tool): CNAME 085a9ea9-7f3a-4048-88ee-db948fa2975f._msdcs.intranet.example.com dc1.intranet.example.com
Calling samba-tool dns for CNAME 085a9ea9-7f3a-4048-88ee-db948fa2975f._msdcs.intranet.example.com dc1.intranet.example.com (add)
Calling samba-tool dns add -k no -P ['192.168.178.204', '_msdcs.intranet.example.com', '085a9ea9-7f3a-4048-88ee-db948fa2975f', 'CNAME', 'dc1.intranet.example.com']
ERROR: Record already exist; record could not be added. zone[_msdcs.intranet.example.com] name[085a9ea9-7f3a-4048-88ee-db948fa2975f]
Failed 'samba-tool dns' based update of CNAME 085a9ea9-7f3a-4048-88ee-db948fa2975f._msdcs.intranet.example.com dc1.intranet.example.com
update (samba-tool): NS intranet.example.com dc1.intranet.example.com
Calling samba-tool dns for NS intranet.example.com dc1.intranet.example.com (add)
Calling samba-tool dns add -k no -P ['192.168.178.204', 'intranet.example.com', '@', 'NS', 'dc1.intranet.example.com']
ERROR: Record already exist; record could not be added. zone[intranet.example.com] name[@]
Failed 'samba-tool dns' based update of NS intranet.example.com dc1.intranet.example.com
update (samba-tool): NS _msdcs.intranet.example.com dc1.intranet.example.com
Calling samba-tool dns for NS _msdcs.intranet.example.com dc1.intranet.example.com (add)
Calling samba-tool dns add -k no -P ['192.168.178.204', '_msdcs.intranet.example.com', '@', 'NS', 'dc1.intranet.example.com']
ERROR: Record already exist; record could not be added. zone[_msdcs.intranet.example.com] name[@]
Failed 'samba-tool dns' based update of NS _msdcs.intranet.example.com dc1.intranet.example.com
update (samba-tool): A intranet.example.com 192.168.178.204
Calling samba-tool dns for A intranet.example.com 192.168.178.204 (add)
Calling samba-tool dns add -k no -P ['192.168.178.204', 'intranet.example.com', '@', 'A', '192.168.178.204']
ERROR: Record already exist; record could not be added. zone[intranet.example.com] name[@]
Failed 'samba-tool dns' based update of A intranet.example.com 192.168.178.204
update (samba-tool): SRV _ldap._tcp.intranet.example.com dc1.intranet.example.com 389
Calling samba-tool dns for SRV _ldap._tcp.intranet.example.com dc1.intranet.example.com 389 (add)
Calling samba-tool dns add -k no -P ['192.168.178.204', 'intranet.example.com', '_ldap._tcp', 'SRV', 'dc1.intranet.example.com 389 0 100']
ERROR: Record already exist; record could not be added. zone[intranet.example.com] name[_ldap._tcp]
Failed 'samba-tool dns' based update of SRV _ldap._tcp.intranet.example.com dc1.intranet.example.com 389
update (samba-tool): SRV _ldap._tcp.dc._msdcs.intranet.example.com dc1.intranet.example.com 389
Calling samba-tool dns for SRV _ldap._tcp.dc._msdcs.intranet.example.com dc1.intranet.example.com 389 (add)
Calling samba-tool dns add -k no -P ['192.168.178.204', '_msdcs.intranet.example.com', '_ldap._tcp.dc', 'SRV', 'dc1.intranet.example.com 389 0 100']
ERROR: Record already exist; record could not be added. zone[_msdcs.intranet.example.com] name[_ldap._tcp.dc]
Failed 'samba-tool dns' based update of SRV _ldap._tcp.dc._msdcs.intranet.example.com dc1.intranet.example.com 389
update (samba-tool): SRV _ldap._tcp.191857a8-808d-4410-b65e-64a0ff5b9386.domains._msdcs.intranet.example.com dc1.intranet.example.com 389
Calling samba-tool dns for SRV _ldap._tcp.191857a8-808d-4410-b65e-64a0ff5b9386.domains._msdcs.intranet.example.com dc1.intranet.example.com 389 (add)
Calling samba-tool dns add -k no -P ['192.168.178.204', '_msdcs.intranet.example.com', '_ldap._tcp.191857a8-808d-4410-b65e-64a0ff5b9386.domains', 'SRV', 'dc1.intranet.example.com 389 0 100']
ERROR: Record already exist; record could not be added. zone[_msdcs.intranet.example.com] name[_ldap._tcp.191857a8-808d-4410-b65e-64a0ff5b9386.domains]
Failed 'samba-tool dns' based update of SRV _ldap._tcp.191857a8-808d-4410-b65e-64a0ff5b9386.domains._msdcs.intranet.example.com dc1.intranet.example.com 389
update (samba-tool): SRV _kerberos._tcp.intranet.example.com dc1.intranet.example.com 88
Calling samba-tool dns for SRV _kerberos._tcp.intranet.example.com dc1.intranet.example.com 88 (add)
Calling samba-tool dns add -k no -P ['192.168.178.204', 'intranet.example.com', '_kerberos._tcp', 'SRV', 'dc1.intranet.example.com 88 0 100']
ERROR: Record already exist; record could not be added. zone[intranet.example.com] name[_kerberos._tcp]
Failed 'samba-tool dns' based update of SRV _kerberos._tcp.intranet.example.com dc1.intranet.example.com 88
update (samba-tool): SRV _kerberos._udp.intranet.example.com dc1.intranet.example.com 88
Calling samba-tool dns for SRV _kerberos._udp.intranet.example.com dc1.intranet.example.com 88 (add)
Calling samba-tool dns add -k no -P ['192.168.178.204', 'intranet.example.com', '_kerberos._udp', 'SRV', 'dc1.intranet.example.com 88 0 100']
ERROR: Record already exist; record could not be added. zone[intranet.example.com] name[_kerberos._udp]
Failed 'samba-tool dns' based update of SRV _kerberos._udp.intranet.example.com dc1.intranet.example.com 88
update (samba-tool): SRV _kerberos._tcp.dc._msdcs.intranet.example.com dc1.intranet.example.com 88
Calling samba-tool dns for SRV _kerberos._tcp.dc._msdcs.intranet.example.com dc1.intranet.example.com 88 (add)
Calling samba-tool dns add -k no -P ['192.168.178.204', '_msdcs.intranet.example.com', '_kerberos._tcp.dc', 'SRV', 'dc1.intranet.example.com 88 0 100']
ERROR: Record already exist; record could not be added. zone[_msdcs.intranet.example.com] name[_kerberos._tcp.dc]
Failed 'samba-tool dns' based update of SRV _kerberos._tcp.dc._msdcs.intranet.example.com dc1.intranet.example.com 88
update (samba-tool): SRV _kpasswd._tcp.intranet.example.com dc1.intranet.example.com 464
Calling samba-tool dns for SRV _kpasswd._tcp.intranet.example.com dc1.intranet.example.com 464 (add)
Calling samba-tool dns add -k no -P ['192.168.178.204', 'intranet.example.com', '_kpasswd._tcp', 'SRV', 'dc1.intranet.example.com 464 0 100']
ERROR: Record already exist; record could not be added. zone[intranet.example.com] name[_kpasswd._tcp]
Failed 'samba-tool dns' based update of SRV _kpasswd._tcp.intranet.example.com dc1.intranet.example.com 464
update (samba-tool): SRV _kpasswd._udp.intranet.example.com dc1.intranet.example.com 464
Calling samba-tool dns for SRV _kpasswd._udp.intranet.example.com dc1.intranet.example.com 464 (add)
Calling samba-tool dns add -k no -P ['192.168.178.204', 'intranet.example.com', '_kpasswd._udp', 'SRV', 'dc1.intranet.example.com 464 0 100']
ERROR: Record already exist; record could not be added. zone[intranet.example.com] name[_kpasswd._udp]
Failed 'samba-tool dns' based update of SRV _kpasswd._udp.intranet.example.com dc1.intranet.example.com 464
update (samba-tool): SRV _ldap._tcp.Default-First-Site-Name._sites.intranet.example.com dc1.intranet.example.com 389
Calling samba-tool dns for SRV _ldap._tcp.Default-First-Site-Name._sites.intranet.example.com dc1.intranet.example.com 389 (add)
Calling samba-tool dns add -k no -P ['192.168.178.204', 'intranet.example.com', '_ldap._tcp.Default-First-Site-Name._sites', 'SRV', 'dc1.intranet.example.com 389 0 100']
ERROR: Record already exist; record could not be added. zone[intranet.example.com] name[_ldap._tcp.Default-First-Site-Name._sites]
Failed 'samba-tool dns' based update of SRV _ldap._tcp.Default-First-Site-Name._sites.intranet.example.com dc1.intranet.example.com 389
update (samba-tool): SRV _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.intranet.example.com dc1.intranet.example.com 389
Calling samba-tool dns for SRV _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.intranet.example.com dc1.intranet.example.com 389 (add)
Calling samba-tool dns add -k no -P ['192.168.178.204', '_msdcs.intranet.example.com', '_ldap._tcp.Default-First-Site-Name._sites.dc', 'SRV', 'dc1.intranet.example.com 389 0 100']
ERROR: Record already exist; record could not be added. zone[_msdcs.intranet.example.com] name[_ldap._tcp.Default-First-Site-Name._sites.dc]
Failed 'samba-tool dns' based update of SRV _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.intranet.example.com dc1.intranet.example.com 389
update (samba-tool): SRV _kerberos._tcp.Default-First-Site-Name._sites.intranet.example.com dc1.intranet.example.com 88
Calling samba-tool dns for SRV _kerberos._tcp.Default-First-Site-Name._sites.intranet.example.com dc1.intranet.example.com 88 (add)
Calling samba-tool dns add -k no -P ['192.168.178.204', 'intranet.example.com', '_kerberos._tcp.Default-First-Site-Name._sites', 'SRV', 'dc1.intranet.example.com 88 0 100']
ERROR: Record already exist; record could not be added. zone[intranet.example.com] name[_kerberos._tcp.Default-First-Site-Name._sites]
Failed 'samba-tool dns' based update of SRV _kerberos._tcp.Default-First-Site-Name._sites.intranet.example.com dc1.intranet.example.com 88
update (samba-tool): SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.intranet.example.com dc1.intranet.example.com 88
Calling samba-tool dns for SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.intranet.example.com dc1.intranet.example.com 88 (add)
Calling samba-tool dns add -k no -P ['192.168.178.204', '_msdcs.intranet.example.com', '_kerberos._tcp.Default-First-Site-Name._sites.dc', 'SRV', 'dc1.intranet.example.com 88 0 100']
ERROR: Record already exist; record could not be added. zone[_msdcs.intranet.example.com] name[_kerberos._tcp.Default-First-Site-Name._sites.dc]
Failed 'samba-tool dns' based update of SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.intranet.example.com dc1.intranet.example.com 88
update (samba-tool): SRV _ldap._tcp.pdc._msdcs.intranet.example.com dc1.intranet.example.com 389
Calling samba-tool dns for SRV _ldap._tcp.pdc._msdcs.intranet.example.com dc1.intranet.example.com 389 (add)
Calling samba-tool dns add -k no -P ['192.168.178.204', '_msdcs.intranet.example.com', '_ldap._tcp.pdc', 'SRV', 'dc1.intranet.example.com 389 0 100']
ERROR: Record already exist; record could not be added. zone[_msdcs.intranet.example.com] name[_ldap._tcp.pdc]
Failed 'samba-tool dns' based update of SRV _ldap._tcp.pdc._msdcs.intranet.example.com dc1.intranet.example.com 389
update (samba-tool): A gc._msdcs.intranet.example.com 192.168.178.204
Calling samba-tool dns for A gc._msdcs.intranet.example.com 192.168.178.204 (add)
Calling samba-tool dns add -k no -P ['192.168.178.204', '_msdcs.intranet.example.com', 'gc', 'A', '192.168.178.204']
ERROR: Record already exist; record could not be added. zone[_msdcs.intranet.example.com] name[gc]
Failed 'samba-tool dns' based update of A gc._msdcs.intranet.example.com 192.168.178.204
update (samba-tool): SRV _gc._tcp.intranet.example.com dc1.intranet.example.com 3268
Calling samba-tool dns for SRV _gc._tcp.intranet.example.com dc1.intranet.example.com 3268 (add)
Calling samba-tool dns add -k no -P ['192.168.178.204', 'intranet.example.com', '_gc._tcp', 'SRV', 'dc1.intranet.example.com 3268 0 100']
ERROR: Record already exist; record could not be added. zone[intranet.example.com] name[_gc._tcp]
Failed 'samba-tool dns' based update of SRV _gc._tcp.intranet.example.com dc1.intranet.example.com 3268
update (samba-tool): SRV _ldap._tcp.gc._msdcs.intranet.example.com dc1.intranet.example.com 3268
Calling samba-tool dns for SRV _ldap._tcp.gc._msdcs.intranet.example.com dc1.intranet.example.com 3268 (add)
Calling samba-tool dns add -k no -P ['192.168.178.204', '_msdcs.intranet.example.com', '_ldap._tcp.gc', 'SRV', 'dc1.intranet.example.com 3268 0 100']
ERROR: Record already exist; record could not be added. zone[_msdcs.intranet.example.com] name[_ldap._tcp.gc]
Failed 'samba-tool dns' based update of SRV _ldap._tcp.gc._msdcs.intranet.example.com dc1.intranet.example.com 3268
update (samba-tool): SRV _gc._tcp.Default-First-Site-Name._sites.intranet.example.com dc1.intranet.example.com 3268
Calling samba-tool dns for SRV _gc._tcp.Default-First-Site-Name._sites.intranet.example.com dc1.intranet.example.com 3268 (add)
Calling samba-tool dns add -k no -P ['192.168.178.204', 'intranet.example.com', '_gc._tcp.Default-First-Site-Name._sites', 'SRV', 'dc1.intranet.example.com 3268 0 100']
ERROR: Record already exist; record could not be added. zone[intranet.example.com] name[_gc._tcp.Default-First-Site-Name._sites]
Failed 'samba-tool dns' based update of SRV _gc._tcp.Default-First-Site-Name._sites.intranet.example.com dc1.intranet.example.com 3268
update (samba-tool): SRV _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.intranet.example.com dc1.intranet.example.com 3268
Calling samba-tool dns for SRV _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.intranet.example.com dc1.intranet.example.com 3268 (add)
Calling samba-tool dns add -k no -P ['192.168.178.204', '_msdcs.intranet.example.com', '_ldap._tcp.Default-First-Site-Name._sites.gc', 'SRV', 'dc1.intranet.example.com 3268 0 100']
ERROR: Record already exist; record could not be added. zone[_msdcs.intranet.example.com] name[_ldap._tcp.Default-First-Site-Name._sites.gc]
Failed 'samba-tool dns' based update of SRV _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.intranet.example.com dc1.intranet.example.com 3268
update (samba-tool): A DomainDnsZones.intranet.example.com 192.168.178.204
Calling samba-tool dns for A DomainDnsZones.intranet.example.com 192.168.178.204 (add)
Calling samba-tool dns add -k no -P ['192.168.178.204', 'intranet.example.com', 'DomainDnsZones', 'A', '192.168.178.204']
ERROR: Record already exist; record could not be added. zone[intranet.example.com] name[DomainDnsZones]
Failed 'samba-tool dns' based update of A DomainDnsZones.intranet.example.com 192.168.178.204
update (samba-tool): SRV _ldap._tcp.DomainDnsZones.intranet.example.com dc1.intranet.example.com 389
Calling samba-tool dns for SRV _ldap._tcp.DomainDnsZones.intranet.example.com dc1.intranet.example.com 389 (add)
Calling samba-tool dns add -k no -P ['192.168.178.204', 'intranet.example.com', '_ldap._tcp.DomainDnsZones', 'SRV', 'dc1.intranet.example.com 389 0 100']
ERROR: Record already exist; record could not be added. zone[intranet.example.com] name[_ldap._tcp.DomainDnsZones]
Failed 'samba-tool dns' based update of SRV _ldap._tcp.DomainDnsZones.intranet.example.com dc1.intranet.example.com 389
update (samba-tool): SRV _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.intranet.example.com dc1.intranet.example.com 389
Calling samba-tool dns for SRV _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.intranet.example.com dc1.intranet.example.com 389 (add)
Calling samba-tool dns add -k no -P ['192.168.178.204', 'intranet.example.com', '_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones', 'SRV', 'dc1.intranet.example.com 389 0 100']
ERROR: Record already exist; record could not be added. zone[intranet.example.com] name[_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones]
Failed 'samba-tool dns' based update of SRV _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.intranet.example.com dc1.intranet.example.com 389
update (samba-tool): A ForestDnsZones.intranet.example.com 192.168.178.204
Calling samba-tool dns for A ForestDnsZones.intranet.example.com 192.168.178.204 (add)
Calling samba-tool dns add -k no -P ['192.168.178.204', 'intranet.example.com', 'ForestDnsZones', 'A', '192.168.178.204']
ERROR: Record already exist; record could not be added. zone[intranet.example.com] name[ForestDnsZones]
Failed 'samba-tool dns' based update of A ForestDnsZones.intranet.example.com 192.168.178.204
update (samba-tool): SRV _ldap._tcp.ForestDnsZones.intranet.example.com dc1.intranet.example.com 389
Calling samba-tool dns for SRV _ldap._tcp.ForestDnsZones.intranet.example.com dc1.intranet.example.com 389 (add)
Calling samba-tool dns add -k no -P ['192.168.178.204', 'intranet.example.com', '_ldap._tcp.ForestDnsZones', 'SRV', 'dc1.intranet.example.com 389 0 100']
ERROR: Record already exist; record could not be added. zone[intranet.example.com] name[_ldap._tcp.ForestDnsZones]
Failed 'samba-tool dns' based update of SRV _ldap._tcp.ForestDnsZones.intranet.example.com dc1.intranet.example.com 389
update (samba-tool): SRV _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.intranet.example.com dc1.intranet.example.com 389
Calling samba-tool dns for SRV _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.intranet.example.com dc1.intranet.example.com 389 (add)
Calling samba-tool dns add -k no -P ['192.168.178.204', 'intranet.example.com', '_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones', 'SRV', 'dc1.intranet.example.com 389 0 100']
ERROR: Record already exist; record could not be added. zone[intranet.example.com] name[_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones]
Failed 'samba-tool dns' based update of SRV _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.intranet.example.com dc1.intranet.example.com 389
Failed update of 29 entries

Offline

#10 2021-03-09 12:04:32

hortimech
Member
Registered: 2020-10-09
Posts: 9

Re: samba dynamic updates - TSIG error

Even though it says it has failed, it hasn't, because the actual error is that the record already exists, so the record cannot be added.

Offline
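
Added example, not part of any post in this thread: a triage script for 'samba_dnsupdate --verbose' output that separates the "record already exists" case described in #10 from the TSIG and TKEY failures seen earlier in the thread. The sample output is constructed from lines quoted in the posts; the function names and cause labels are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: one update per failure kind, lines taken from the thread.
SAMPLE_OUTPUT = """\
update (samba-tool): A dc1.intranet.example.com 192.168.178.204
Calling samba-tool dns for A dc1.intranet.example.com 192.168.178.204 (add)
ERROR: Record already exist; record could not be added. zone[intranet.example.com] name[dc1]
Failed 'samba-tool dns' based update of A dc1.intranet.example.com 192.168.178.204
update(nsupdate): A dc1.intranet.example.com 192.168.178.204
Calling nsupdate for A dc1.intranet.example.com 192.168.178.204 (add)
; TSIG error with server: tsig verify failure
Failed nsupdate: 2
update(nsupdate): CNAME 085a9ea9-7f3a-4048-88ee-db948fa2975f._msdcs.intranet.example.com dc1.intranet.example.com
dns_tkey_gssnegotiate: TKEY is unacceptable
Failed nsupdate: 1
Failed update of 3 entries
"""

# Start of one update attempt; both spellings appear in the tool's output.
UPDATE_RE = re.compile(r"^update\s*\((nsupdate|samba-tool)\):\s+(\S+)\s+(\S+)")
# Per-update failure marker (the 'Failed update of N entries' summary is excluded).
FAILED_RE = re.compile(r"^Failed (nsupdate|'samba-tool dns')")
CAUSES = [
    ("already_exists", re.compile(r"^ERROR: Record already exist")),
    ("tsig_verify_failure", re.compile(r"TSIG error with server: tsig verify failure")),
    ("tkey_unacceptable", re.compile(r"dns_tkey_gssnegotiate: TKEY is unacceptable")),
]
# Causes that do not indicate a broken update path.
BENIGN = {"ok", "already_exists"}


def classify(output):
    """Return one dict per attempted update with the first cause seen for it."""
    results, current = [], None
    for raw in output.splitlines():
        line = raw.strip()
        m = UPDATE_RE.match(line)
        if m:
            current = {"method": m.group(1), "type": m.group(2),
                       "name": m.group(3), "cause": "ok"}
            results.append(current)
            continue
        if current is None or current["cause"] != "ok":
            continue
        for cause, rx in CAUSES:
            if rx.search(line):
                current["cause"] = cause
                break
        else:
            if FAILED_RE.match(line):
                current["cause"] = "unknown_failure"
    return results


def summarize(results):
    """Count updates per cause."""
    return Counter(r["cause"] for r in results)


def needs_attention(results):
    """Updates whose failure is not just 'the record is already there'."""
    return [r for r in results if r["cause"] not in BENIGN]


if __name__ == "__main__":
    parsed = classify(SAMPLE_OUTPUT)
    print(dict(summarize(parsed)))
    for r in needs_attention(parsed):
        print(f"{r['cause']}: {r['type']} {r['name']} via {r['method']}")
```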
