samba3upgrade and the DNS account
Adam Tauno Williams
awilliam at whitemice.org
Fri Nov 11 08:56:19 MST 2011
Quoting Adam Tauno Williams <awilliam at whitemice.org>:
> Quoting Andrew Bartlett <abartlet at samba.org>:
>>> On Thu, 2011-11-10 at 10:26 -0500, Adam Tauno Williams wrote:
>> Finally, a known issue with upgrades from Samba3 and imports from
>> windows via 'net domain join' is that the dns-machine account is not
>> created.
> Ok, but oddly, it has provisioned this before. If I revert to a
> previous snapshot my DNS keytab looks like -
> barbel:/opt/s4/private # klist -k dns.keytab -e
> ...
> 1 DNS/micore.us at MICORE.US (DES cbc mode with RSA-MD5)
> ...
I don't know how it is possible - but it seems like the existence of a
second interface [IP address] on the host at least contributes to this
problem. I added a second NIC to my testing VM so that I could reach
both the live DC and my testing subnet, and provisioning then leaves
me without a "DNS/micore.us at MICORE.US" entry.
Still having an issue where Kerberos isn't working ["Preauthentication
failed while getting initial credentials" / "Failed to decrypt
PA-DATA"] but without the second NIC I am reliably getting the
DNS/{domain} entry in the keytab file.
More information about the samba-technical
mailing list