This is the situation:
Installed Zentyal 6 as main domain controller SRV01
Installed Zentyal 6 on another machine as domain member SRV03
After installing domain memeber SRV03, restarting the DNS module on SRV01 from the web gui, yields error.
Error is:
2019/02/08 07:40:13 ERROR> Sudo.pm:240 EBox::Sudo::_rootError - root command nsupdate -g -t 10 /var/lib/zentyal/tmp/fP_eCW54tO failed.
2019/02/08 07:40:13 ERROR> Service.pm:969 EBox::Module::Service::restartService - Error restarting service: root command nsupdate -g -t 10 /var/lib/zentyal/tmp/fP_eCW54tO failed.
Error output: tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = No Kerberos credentials available (default cache: FILE:/tmp/krb5cc_0).
Changes to DNS are saved and visible on web gui, but not really saved to DNS server.
On SRV01 "samba-tool user list" shows "dns-srv01" dissappeared, but "dns-SRV03" exists!
On SRV03 "samba-tool user list" shows "dns-SRV03" exists.
Tried to create user "dns-srv01" on SRV01 and add it to "DnsAdmins" group with no luck, but error is different:
2019/02/08 09:24:08 ERROR> Service.pm:971 EBox::Module::Service::restartService - root command kinit -k -t /var/lib/samba/private/dns.keytab dns-srv01 failed.
2019/02/08 09:24:08 ERROR> RestartService.pm:61 EBox::SysInfo::CGI::RestartService::_process - Restart of DNS from dashboard failed: root command kinit -k -t /var/lib/samba/private/dns.keytab dns-srv01 failed.
Error output: kinit: Password incorrect