Internal dns server changed between RC2 & 4.1.0pre1-GIT-2c3a808

Rowland Penny repenny at f2s.com
Mon Oct 15 15:46:28 MDT 2012


On 15/10/12 20:56, Kai Blin wrote:
> On 2012-10-15 21:48, Rowland Penny wrote:
>> On 15/10/12 20:19, Kai Blin wrote:
>>> On 2012-10-15 19:21, Rowland Penny wrote:
>>>
>>>> It is one I found on the internet and altered to fit my needs, as I said
>>>> it works on RC2 but now will not work on pre1.
>>>> Basically the script is run by dhcp from dhcpd.conf, it checks a
>>>> kerberos keytab then runs nsupdate to first delete the pc's nameserver
>>>> record (if there is one) then adds it to the required zone. The
>>>> script then checks to see if the record now exists.
>>> Hm, I think we got rid of the DNS special user for RC1, but I seem to
>>> remember Jelmer added back the code that adds it to some of the upgrade
>>> scripts. Did you run any?
>> No I didn't, I just provisioned as normal, but there is a user at
>> CN=dns-adserver,CN=Users,DC=home,DC=lan. Should I remove this user or
>> can I just ignore it?
> Ah, it's a new provision. That's relevant information. Try removing that
> user. It's been causing trouble for me in the past.

dns user removed

>
>> All the dns tests from the howto work as written. I added the reverse
>> zone via samba-tool:
>> samba-tool dns zonecreate 192.168.0.10 0.168.192.in-addr.arpa -U
>> Administrator
> Ah, did you restart samba after that? Currently the dnsserver (the RPC
> part that samba-tool dns talks to) doesn't tell the dns server that the
> zone list has changed, but the list is read at startup.

No, I didn't, but I have now. The script is now failing on both trying
to add to the forward zone & to the reverse zone, I just get:
dns_tkey_negotiategss: TKEY is unacceptable

I come back to my original question: why is the TKEY acceptable to RC2
but not to 4.1.0pre1-GIT-2c3a808?

I have tried to use Wireshark to get the info required, but cannot seem
to find the right filter and if I don't use a filter, there doesn't
seem to be anything in the capture about dhcp, my script, nsupdate or
the name server.
>> I then added the reverse record for the server:
> Cheers,
> Kai
>

Thanks again

Rowland
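
The DHCP-triggered update described in the quoted text above (get a ticket from a keytab, have nsupdate delete then add the record, then check it), as an added example that is not part of the original message and is not the poster's script or Samba project code. The keytab path, principal name, client name `pc1` and address `192.168.0.25` are assumptions; the server address and `home.lan` domain are the ones mentioned in the thread.

```shell
#!/bin/sh
# Added example (constructed); keytab path, principal and client values
# are assumptions, not taken from the original script.

# Dotted IPv4 address -> in-addr.arpa owner name; fails on malformed input.
ptr_name() {
    echo "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
          print $4 "." $3 "." $2 "." $1 ".in-addr.arpa" }'
}

# Emit the nsupdate batch: delete any old record, then add the new one.
# Forward and reverse zones differ, so each gets its own "send".
build_batch() {
    server=$1 name=$2 domain=$3 ip=$4 ttl=${5:-3600}
    # The hostname comes from the DHCP client: allow only letters, digits
    # and "-" so it cannot smuggle extra nsupdate commands into the batch.
    case $name in ''|*[!A-Za-z0-9-]*) return 1 ;; esac
    ptr=$(ptr_name "$ip") || return 1
    cat <<EOF
server $server
update delete $name.$domain. A
update add $name.$domain. $ttl A $ip
send
update delete $ptr. PTR
update add $ptr. $ttl PTR $name.$domain.
send
EOF
}

# Get a ticket from the keytab, send the batch with GSS-TSIG (-g), then
# ask the same server whether the A record now exists.
update_dns() {
    keytab=$1 principal=$2; shift 2
    kinit -k -t "$keytab" "$principal" || return 1
    batch=$(build_batch "$@") || return 1
    printf '%s\n' "$batch" | nsupdate -g || return 1
    host "$2.$3" "$1" >/dev/null
}

# Hypothetical call from the DHCP hook:
# update_dns /etc/dhcp/dhcpd.keytab dhcp-updater@HOME.LAN \
#     192.168.0.10 pc1 home.lan 192.168.0.25
```

Running `build_batch` on its own prints the exact commands that would be sent, which makes it easy to compare what the script asks for against what the server logs when the TKEY negotiation fails.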
