Hi
I know that this has been addressed before but I couldn't find a
solution. Summary: when attempting to write a dns record using nsupdate,
nothing gets written to the zone due to the error:
; TSIG error with server: tsig verify failure
Everything is working. We can login to the domain from the same client
and we have sssd sending the dyndns update requests which also produce
the same error but still send the correct IP to the server after a
change in I on the client but still nothing is written.
Test: we can't ping the client by name from the DC after the update
request is sent. The DC responds correctly as for e.g. successful
updates from xp clients.
Question, does this work against a DC with bind dlz? Any solution meanwhile?
Thanks,
Steve
Here is the output:
sudo nsupdate -g -d
[sudo] password for steve:
> server 192.168.1.16
> realm HH3.SITE
> update add pinoso.hh3.site 3600 A 192.168.1.100
> send
Reply from SOA query:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 7006
;; flags: qr; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;pinoso.hh3.site. IN SOA
Reply from SOA query:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25384
;; flags: qr aa ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;hh3.site. IN SOA
;; ANSWER SECTION:
hh3.site. 3600 IN SOA hh16.hh3.site.
hostmaster.hh3.site. 6 900 600 86400 0
Found zone name: hh3.site
The master is: hh16.hh3.site
start_gssrequest
send_gssrequest
Outgoing update query:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3099
;; flags:; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;3768628576.sig-hh16.hh3.site. ANY TKEY
;; ADDITIONAL SECTION:
3768628576.sig-hh16.hh3.site. 0 ANY TKEY gss-tsig. 1368261695 1368261695
3 NOERROR 1244 YIIE2AYGKwYBBQUCoIIEzDCCBMigDTALBgkqhkiG9xIBAgKiggS1BIIE
sWCCBK0GCSqGSIb3EgECAgEAboIEnDCCBJigAwIBBaEDAgEOogcDBQAg
AAAAo4IDmmGCA5YwggOSoAMCAQWhChsISEgzLlNJVEWiHzAdoAMCAQGh
FjAUGwNETlMbDWhoMTYuaGgzLnNpdGWjggNcMIIDWKADAgEXoQMCAQGi
ggNKBIIDRlUabLy43CC30nH0ztt7pJM4GMIzCsGtI/fq2Cpy9+xiLCFi
s0cK6oMdAgTxXBXKHBugCAw/2Nc/Bq2hueJp+mgkO0YrNklk0KqNCHcT
xlsa2+Iysb3JAeOQKFiF3rfirW8GNP+5c7d79ZVf6vXPRXnKCQ/waxum
BJhUZkzcUZT1d34E4xIdZJBSp7vD3kFk5odFPMCehkXt/122hMAbvOKu
0QG0dI3hVhadgAN8RUDyCyAOaAcY2hwfdLnodQACSdJBc3mnw6y6UJvp
RjyaibVx8rbDY3kLE5qDPR+ttB46B1kkrRqzbFAQU9bju63Ipbb/naa+
KxoA753ImXCCpDYA/biXGu0tLz8EsWk1HoO+Ij+aqjtqNPAa4u6+qS/0
XtZTeRPzjNBs2nkleWVHwr6PRB5Lfa8W9POZwAw5+CiY1DHN7BbmYqwW
kIxTO4pFg6mrOe9IaYspfO6bVmrNS45snNJraURPEwXIwAm2O0RwBvZR
wG+W8tP04yFyI7eszyvU1IJJTwaFX8DO/abSrmIaMPvgvoTi9eDb5YYo
mqJmOQKFQkJMmSOkBkc+KIqIJXuXPVtz3ArRY6gE44Ju+1WAJvMDXopz
fIxRydSxbu1Fyd1UR0YkBqRs0KfnGAY4YnnjspfgcrQFmCTROauBidea
MkyJOaeARZZDfA/9D4b/giHEjZxDxQ8roWrv1eggaQSGqa3kILma5rB3
IZzbGmCkXz1QRPMNncxtoA+MU/63S0Ebd0ubcyqkG0fImZFFYkpTO4BS
7R/0u1E1iIb2jAkxZT6H0EtpeC/yPAYzCkgSphfT6rbpqZvET3W2q2Sp
Ig3fwlOFGWTz8GvFH8aBjSnAQkaNarTvlaxt1D0pcn3kSLhpV1SzpYMA
DL+mnSXGhCxypvVYyZ8scXf+eW0jXy/th4B6tzrocz/x9d76hWYlIzFd
Fhs78rz8yKauXn/1H2sJRldg0atYOFMTjfMAgTigLDuDOBt4YPFfArow
OYtBkA/ykZBCjlIgV5BmrqOBpNqBeeGWPRxUrXrnO3W4nebQUH3LRYie
WaEaUbeBnCR8QD1ekQJ1rKIYC8tEKK17tTiYW2YSgrlUYPPt8FvL526H
5sjZFu2kgeQwgeGgAwIBF6KB2QSB1hA7lI/olfXairjMfhodpVSAOTgu
lM1BFzb44h8+Mu5to6ZiG/ZBPC3EdXkHKiyy1Z3tzOJIA6MRtU971vNp
FVj8WCG8r+0MJNi2EpgbrSJswRcJER2TPdZt7LROdztKM30WEaSOH+5W
mVWdgrzdJnt1CnAu+Xgt9ZryB+D/ClHgoc8x9ubJqJsAGb2HkoKx5wL6
0INBenMRvUcpGBGQpwm5TTzLhWm8PzgY8fgXq0tHKupIEhKhGtWCOLa3
4KLM1vg/cpf92sL6O+4vBiFHtVzMwTBW1iE= 0
recvmsg reply from GSS-TSIG query
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3099
;; flags: qr ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;3768628576.sig-hh16.hh3.site. ANY TKEY
;; ANSWER SECTION:
3768628576.sig-hh16.hh3.site. 0 ANY TKEY gss-tsig. 1368261695 1368261695
3 NOERROR 182 oYGzMIGwoAMKAQChCwYJKoZIhvcSAQICooGbBIGYYIGVBgkqhkiG9xIB
AgICAG+BhTCBgqADAgEFoQMCAQ+idjB0oAMCAReibQRrSKJ1+4+PHfd7
OARWsz4211kkiXorLDD3Q/cA99dJ3KVNpfjTza9+5jQ9cvygULCqo73Q
70a8Or+USG3q+TAaCzEUuJ/McPpmcly5fXFkY3ES5xtIXv/yp0tJXXsA
ixNl/6pt2FqLT+10SI4= 0
;; TSIG PSEUDOSECTION:
3768628576.sig-hh16.hh3.site. 0 ANY TSIG gss-tsig. 1368261704 300 28
BAQF//////8AAAAAFKquCK9Y5B2dtDDIUnGo8g== 3099 NOERROR 0
Sending update to 192.168.1.16#53
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 49895
;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1
;; UPDATE SECTION:
pinoso.hh3.site. 3600 IN A 192.168.1.100
;; TSIG PSEUDOSECTION:
3768628576.sig-hh16.hh3.site. 0 ANY TSIG gss-tsig. 1368261695 300 28
BAQE//////8AAAAACnjz67DpwRhWZSDZ2gT5HQ== 49895 NOERROR 0
; TSIG error with server: tsig verify failure
Reply from update query:
;; ->>HEADER<<- opcode: UPDATE, status: SERVFAIL, id: 49895
;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1
;; ZONE SECTION:
;hh3.site. IN SOA
;; UPDATE SECTION:
pinoso.hh3.site. 3600 IN A 192.168.1.100
;; TSIG PSEUDOSECTION:
3768628576.sig-hh16.hh3.site. 0 ANY TSIG gss-tsig. 1368261695 300 28
BAQE//////8AAAAACnjz67DpwRhWZSDZ2gT5HQ== 49895 NOERROR 0
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
