TSIG Error From SSSD

A common error when using the sssd daemon to authenticate via Active Directory on Linux seems to be:

sssd[$PID]: ; TSIG error with server: tsig verify failure

This comes from sssd running the command “nsupdate -g” to perform dynamic DNS updates. It is possible to specify the DNS server in /etc/sssd/sssd.conf, but that will only be used AFTER the default servers have been attempted, so it seems impossible to stop this error from happening. It doesn’t appear to do any harm, as the correct server is eventually discovered and used. The commands piped to nsupdate will be something like:

server $SERVERIP
realm $DOMAIN
update delete $HOSTNAME.$DOMAIN. in A
update add $HOSTNAME.$DOMAIN. 3600 in A $HOSTIP
send
update delete $HOSTNAME.$DOMAIN. in AAAA
send

1 comment to TSIG Error From SSSD

  • Mantas

    > that will only be used AFTER the default servers have been attempted, so it seems impossible to stop this error from happening

    Are the “default” servers set correctly? Normally the update is sent to the ‘primary’ server that your zone’s SOA record indicates – so if it points to a server that’s not set up for GSS-TSIG, make sure to fix the SOA…
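
The SOA check suggested in the comment above can be scripted. This is an added example, not code from the post or the commenter: it extracts the primary server (MNAME) from dig output and compares it with the server expected to accept GSS-TSIG updates. The helper names, host names and sample record are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example (not from the post or the comment): all host names and the
# sample record are constructed; soa_mname and check_primary are
# hypothetical helper names.

# Constructed sample of `dig +noall +answer SOA ad.example.com` output.
SAMPLE_SOA='ad.example.com. 3600 IN SOA DC1.ad.example.com. hostmaster.ad.example.com. 142 900 600 86400 3600'

# Read dig answer/authority lines on stdin and print the SOA primary
# (MNAME) in lower case without the trailing dot.
soa_mname() {
    awk '$4 == "SOA" { sub(/\.$/, "", $5); print tolower($5); exit }'
}

# check_primary EXPECTED_FQDN: compare the MNAME read from stdin with the
# server that is expected to accept GSS-TSIG updates.
# Returns 0 on match, 1 on mismatch, 2 if the input holds no SOA record.
check_primary() {
    expected=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    expected=${expected%.}
    mname=$(soa_mname)
    if [ -z "$mname" ]; then
        echo "no SOA record found in input"
        return 2
    fi
    if [ "$mname" = "$expected" ]; then
        echo "OK: SOA primary is $mname"
        return 0
    fi
    echo "MISMATCH: SOA primary is $mname, expected $expected"
    return 1
}

# Demo on the constructed sample. Against a live zone, feed it real output:
#   dig +noall +answer +authority SOA "$HOSTNAME.$DOMAIN" | check_primary "$DC_FQDN"
printf '%s\n' "$SAMPLE_SOA" | check_primary dc1.ad.example.com
```

A MISMATCH result means the first update attempt goes to a server other than the one you expected, which is the situation the comment describes.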