[Samba] Fixing dns_tkey_gssnegotiate: TKEY is unacceptable but stuck on check_spn_alias_collision
L. van Belle
belle at samba.org
Mon Aug 8 12:00:41 UTC 2022
Can you run this script..
https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh
and post the content.
Thanks,
Greetz,
Louis
> -----Original message-----
> From: samba <samba-bounces at lists.samba.org> On behalf of Matthew
> Schumacher via samba
> Sent: Friday 5 August 2022 21:52
> To: samba at lists.samba.org
> Subject: [Samba] Fixing dns_tkey_gssnegotiate: TKEY is unacceptable but
> stuck on check_spn_alias_collision
>
> Hello all,
>
> When trying to run samba_dnsupdate I get "dns_tkey_gssnegotiate: TKEY is
> unacceptable". I see the webpage about this at
> https://wiki.samba.org/index.php/Dns_tkey_negotiategss:_TKEY_is_unacceptable
> and when verifying my keytab file I get a number of accounts:
>
> klist -k /var/lib/samba/bind-dns/dns.keytab
> Keytab name: FILE:/var/lib/samba/bind-dns/dns.keytab
> KVNO Principal
> ---- --------------------------------------------------------------------------
>    1 DNS/dc-2-wsll.ad.domain.net@AD.DOMAIN.NET
>    1 dns-dc-2-wsll@AD.DOMAIN.NET
>    1 DNS/dc-2-wsll.ad.domain.net@AD.DOMAIN.NET
>    1 dns-dc-2-wsll@AD.DOMAIN.NET
>    1 DNS/dc-2-wsll.ad.domain.net@AD.DOMAIN.NET
>    1 dns-dc-2-wsll@AD.DOMAIN.NET
>
> I decided I would clean up and try again so I:
>
> rm /usr/local/samba/private/dns.keytab
> then
> samba-tool user delete dns-dc-2-wsll
>
> Which seems to work, as I get
>
> Deleted user dns-dc-2-wsll
>
> But then when I reset the dns settings with:
>
> samba_upgradedns --dns-backend=BIND9_DLZ
>
> I see:
>
> Reading domain information
> DNS accounts already exist
> No zone file /var/lib/samba/bind-dns/dns/AD.DOMAIN.NET.zone (normal)
> DNS partitions already exist
> Adding dns-dc-2-wsll account
> check_spn_alias_collision: trying to add SPN 'DNS/dc-2-wsll.ad.domain.net' on 'CN=dns-dc-2-wsll,CN=Users,DC=ad,DC=domain,DC=net' when 'host/dc-2-wsll.ad.domain.net' is on 'CN=dc-2-wsll,OU=Domain Controllers,DC=ad,DC=domain,DC=net'
> See /var/lib/samba/bind-dns/named.conf for an example configuration include file for BIND
> and /var/lib/samba/bind-dns/named.txt for further documentation required for secure DNS updates
> Finished upgrading DNS
>
> I'm trying to figure out how to clean this up and reset DNS so I can get it
> to work. Any ideas?
>
> Matt