[Samba] dns_tkey_negotiategss: TKEY is unacceptable
Roy Eastwood
spindles7 at gmail.com
Wed Oct 23 14:29:07 UTC 2019
I found another reason for this error: dns_tkey_negotiategss: TKEY is unacceptable
After much head scratching it was due to the Apparmour configuration recommended in the WiKi at:
https://wiki.samba.org/index.php/BIND9_DLZ_AppArmor_and_SELinux_Integration
The section for Apparmor which recommends adding lines to /etc/apparmor.d/local/usr.sbin.named, I had to change the line:
from:
/usr/local/samba/private/dns.keytab r,
to:
/usr/local/samba/private/dns.keytab rk,
ie add the 'k' to allow file to be locked.
Once I did that dns updates worked correctly.
Also the above WiKi page needs to be updated to reflect the change of location of these files for later samba versions: ie
/usr/local/samba/bind-dns/*.* etc.
Hopefully this will help others with this error.
Regards,
Roy
More information about the samba
mailing list