Problems with Samba 4 Beta 1 and a possible bug that was previously reported

Trever L. Adams trever.adams at
Fri Jun 8 03:12:22 MDT 2012

On 06/07/2012 12:57 AM, Andrew Bartlett wrote:
> We will need many more details on both issues before we can go
> further. Perhaps we can start by how 'samba 20 ate my installations',
> and what exactly you did after that. Thanks, Andrew Bartlett 
I am not sure if DNS would be the problem. I have it updating properly
on the samba server (nsupdate -g and samba-tool dns). However, I did
notice the following problem:

Further information from a windows machine:
The system failed to register host (A or AAAA) resource records (RRs)
for network adapter
with settings:

   Adapter Name : {EE849349-974E-49FE-A564-5D6DF2352176}
   Host Name : machine_name
   Primary Domain Suffix :
   DNS server list :
   Sent update to server : [2001:XXXX]:53
   IP Address(es) :
     2001:XXXX, fd99:XXXX, 10.XXX

 The reason the system could not register these RRs was because of a
security related problem. The cause of this could be (a) your computer
does not have permissions to register and update the specific DNS domain
name set for this adapter, or (b) there might have been a problem
negotiating valid credentials with the DNS server during the processing
of the update request.

 You can manually retry DNS registration of the network adapter and its
settings by typing "ipconfig /registerdns" at the command prompt. If
problems still persist, contact your DNS server or network systems
administrator. For specific error code, see the record data displayed below.

Running the recommended command just yields the same result in the event
viewer. The only other errors I can find in the logs are related to a
GPO software install on one or more machines (working on resolving
that). But it doesn't seem to be related to Samba as the rest of the
programs went in.

From the Samba server:
failed gss_inquire_cred: GSSAPI error: Major = Unspecified GSS failure. 
Minor code may provide more information, Minor = Success.
gss-api source name (accept) is MACHINE_NAME$@DOMAIN.ORG
process_gsstkey(): dns_tsigerror_noerror

I do have the right allow-query lines in the options in /etc/named.conf.
I also have:
tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
and at the bottom:
include "/usr/local/samba/private/named.conf";

The named.conf in private is a modified one created by the install
because I have bind 9.9 on my system and not 9.8. That is the only change.

Attempting to get further information, I have moved the profiles out of
profiles and tried logging in with no success. I still haven't been able
to figure out the read only problem nor with Firefox start-up.

Thank you for any help,
"The hand that rocks the cradle is the hand that rules the world" -- W.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the samba-technical mailing list