dns_tkey_negotiategss: TKEY is unacceptable

Carlos Miguel Bustillo Rdguez cbustillo at uclv.edu.cu
Thu Apr 24 10:33:44 MDT 2014


Hello List:

 I have two Samba4 AD DC: the first is installed with Samba 4.1.6 and the second is installed with Samba 4.1.7. Both server are installed with Debian Wheezy in Proxmox VPS.

My first DC: redtic-ad1
My second DC: redtic-ad2 (is a additional DC)

When I joined redtic-ad2 to my domain the process was successful:
samba-tool domain join redtic.uclv.cu DC -Uadministrator --realm=redtic.uclv.cu --dns-backend=BIND9_DLZ
Finding a writeable DC for domain 'redtic.uclv.cu'
Found DC redtic-ad1.redtic.uclv.cu
Password for [WORKGROUP\administrator]:
workgroup is REDTIC
realm is redtic.uclv.cu
checking sAMAccountName
Deleted CN=RID Set,CN=REDTIC-AD2,OU=Domain Controllers,DC=redtic,DC=uclv,DC=cu
Deleted CN=REDTIC-AD2,OU=Domain Controllers,DC=redtic,DC=uclv,DC=cu
Deleted CN=dns-REDTIC-AD2,CN=Users,DC=redtic,DC=uclv,DC=cu
Deleted CN=NTDS Settings,CN=REDTIC-AD2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=redtic,DC=uclv,DC=cu
Deleted CN=REDTIC-AD2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=redtic,DC=uclv,DC=cu
Adding CN=REDTIC-AD2,OU=Domain Controllers,DC=redtic,DC=uclv,DC=cu
Adding CN=REDTIC-AD2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=redtic,DC=uclv,DC=cu
Adding CN=NTDS Settings,CN=REDTIC-AD2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=redtic,DC=uclv,DC=cu
Adding SPNs to CN=REDTIC-AD2,OU=Domain Controllers,DC=redtic,DC=uclv,DC=cu
Setting account password for REDTIC-AD2$
Enabling account
Adding DNS account CN=dns-REDTIC-AD2,CN=Users,DC=redtic,DC=uclv,DC=cu with dns/ SPN
Setting account password for dns-REDTIC-AD2
Calling bare provision
No IPv6 address will be assigned
Provision OK for domain DN DC=redtic,DC=uclv,DC=cu
Starting replication
Schema-DN[CN=Schema,CN=Configuration,DC=redtic,DC=uclv,DC=cu] objects[402/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=redtic,DC=uclv,DC=cu] objects[804/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=redtic,DC=uclv,DC=cu] objects[1206/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=redtic,DC=uclv,DC=cu] objects[1550/1550] linked_values[0/0]
Analyze and apply schema objects
Partition[CN=Configuration,DC=redtic,DC=uclv,DC=cu] objects[402/1621] linked_values[0/0]
Partition[CN=Configuration,DC=redtic,DC=uclv,DC=cu] objects[804/1621] linked_values[0/0]
Partition[CN=Configuration,DC=redtic,DC=uclv,DC=cu] objects[1206/1621] linked_values[0/0]
Partition[CN=Configuration,DC=redtic,DC=uclv,DC=cu] objects[1608/1621] linked_values[0/0]
Partition[CN=Configuration,DC=redtic,DC=uclv,DC=cu] objects[1621/1621] linked_values[28/0]
Replicating critical objects from the base DN of the domain
Partition[DC=redtic,DC=uclv,DC=cu] objects[98/98] linked_values[23/0]
Partition[DC=redtic,DC=uclv,DC=cu] objects[373/275] linked_values[23/0]
Done with always replicated NC (base, config, schema)
Replicating DC=DomainDnsZones,DC=redtic,DC=uclv,DC=cu
Partition[DC=DomainDnsZones,DC=redtic,DC=uclv,DC=cu] objects[48/48] linked_values[0/0]
Replicating DC=ForestDnsZones,DC=redtic,DC=uclv,DC=cu
Partition[DC=ForestDnsZones,DC=redtic,DC=uclv,DC=cu] objects[20/20] linked_values[0/0]
Partition[DC=ForestDnsZones,DC=redtic,DC=uclv,DC=cu] objects[40/20] linked_values[0/0]
Committing SAM database
Sending DsReplicateUpdateRefs for all the replicated partitions
Setting isSynchronized and dsServiceName
Setting up secrets database
Joined domain REDTIC (SID S-1-5-21-1024378014-753251417-1917847088) as a DC

But when I started Samba in redtic-ad2:
/usr/local/samba/sbin/samba_dnsupdate: ldb_wrap open of secrets.ldb
/usr/local/samba/sbin/samba_dnsupdate: dns_tkey_negotiategss: TKEY is unacceptable
Replicated 2 objects (0 linked attributes) for DC=ForestDnsZones,DC=redtic,DC=uclv,DC=cu
/usr/local/samba/sbin/samba_dnsupdate: dns_tkey_negotiategss: TKEY is unacceptable
/usr/local/samba/sbin/samba_dnsupdate: dns_tkey_negotiategss: TKEY is unacceptable
Replicated 2 objects (0 linked attributes) for DC=DomainDnsZones,DC=redtic,DC=uclv,DC=cu
/usr/local/samba/sbin/samba_dnsupdate: dns_tkey_negotiategss: TKEY is unacceptable
Replicated 0 objects (0 linked attributes) for DC=redtic,DC=uclv,DC=cu
/usr/local/samba/sbin/samba_dnsupdate: dns_tkey_negotiategss: TKEY is unacceptable
/usr/local/samba/sbin/samba_dnsupdate: dns_tkey_negotiategss: TKEY is unacceptable
/usr/local/samba/sbin/samba_dnsupdate: dns_tkey_negotiategss: TKEY is unacceptable
/usr/local/samba/sbin/samba_dnsupdate: dns_tkey_negotiategss: TKEY is unacceptable
/usr/local/samba/sbin/samba_dnsupdate: dns_tkey_negotiategss: TKEY is unacceptable
/usr/local/samba/sbin/samba_dnsupdate: dns_tkey_negotiategss: TKEY is unacceptable
/usr/local/samba/sbin/samba_dnsupdate: dns_tkey_negotiategss: TKEY is unacceptable
Replicated 0 objects (0 linked attributes) for CN=Schema,CN=Configuration,DC=redtic,DC=uclv,DC=cu
/usr/local/samba/sbin/samba_dnsupdate: dns_tkey_negotiategss: TKEY is unacceptable
/usr/local/samba/sbin/samba_dnsupdate: dns_tkey_negotiategss: TKEY is unacceptable
/usr/local/samba/sbin/samba_dnsupdate: dns_tkey_negotiategss: TKEY is unacceptable
/usr/local/samba/sbin/samba_dnsupdate: dns_tkey_negotiategss: TKEY is unacceptable
/usr/local/samba/sbin/samba_dnsupdate: dns_tkey_negotiategss: TKEY is unacceptable
Replicated 1 objects (0 linked attributes) for CN=Configuration,DC=redtic,DC=uclv,DC=cu
/usr/local/samba/sbin/samba_dnsupdate: dns_tkey_negotiategss: TKEY is unacceptable
/usr/local/samba/sbin/samba_dnsupdate: dns_tkey_negotiategss: TKEY is unacceptable

I ran samba_dnsupdate --verbose:
IPs: ['10.12.112.85']
Skipping PDC entry (SRV _ldap._tcp.pdc._msdcs.${DNSDOMAIN}                   ${HOSTNAME} 389) as we are not a PDC
Skipping PDC entry (SRV _ldap._tcp.pdc._msdcs.${DNSFOREST}                   ${HOSTNAME} 389) as we are not a PDC
Looking for DNS entry A redtic.uclv.cu 10.12.112.85 as redtic.uclv.cu.
Failed to find matching DNS entry A redtic.uclv.cu 10.12.112.85
Looking for DNS entry A redtic-ad2.redtic.uclv.cu 10.12.112.85 as redtic-ad2.redtic.uclv.cu.
Looking for DNS entry A gc._msdcs.redtic.uclv.cu 10.12.112.85 as gc._msdcs.redtic.uclv.cu.
Failed to find matching DNS entry A gc._msdcs.redtic.uclv.cu 10.12.112.85
Looking for DNS entry CNAME b81b83c1-c805-43ad-97dc-04f8b0b56389._msdcs.redtic.uclv.cu redtic-ad2.redtic.uclv.cu as b81b83c1-c805-43ad-97dc-04f8b0b56389._msdcs.redtic.uclv.cu.
Looking for DNS entry SRV _kpasswd._tcp.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 464 as _kpasswd._tcp.redtic.uclv.cu.
Checking 0 100 464 redtic-ad1.redtic.uclv.cu. against SRV _kpasswd._tcp.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 464
Failed to find matching DNS entry SRV _kpasswd._tcp.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 464
Looking for DNS entry SRV _kpasswd._udp.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 464 as _kpasswd._udp.redtic.uclv.cu.
Checking 0 100 464 redtic-ad1.redtic.uclv.cu. against SRV _kpasswd._udp.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 464
Failed to find matching DNS entry SRV _kpasswd._udp.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 464
Looking for DNS entry SRV _kerberos._tcp.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 88 as _kerberos._tcp.redtic.uclv.cu.
Checking 0 100 88 redtic-ad1.redtic.uclv.cu. against SRV _kerberos._tcp.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 88
Failed to find matching DNS entry SRV _kerberos._tcp.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 88
Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 88 as _kerberos._tcp.dc._msdcs.redtic.uclv.cu.
Checking 0 100 88 redtic-ad1.redtic.uclv.cu. against SRV _kerberos._tcp.dc._msdcs.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 88
Failed to find matching DNS entry SRV _kerberos._tcp.dc._msdcs.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 88
Looking for DNS entry SRV _kerberos._tcp.default-first-site-name._sites.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 88 as _kerberos._tcp.default-first-site-name._sites.redtic.uclv.cu.
Checking 0 100 88 redtic-ad1.redtic.uclv.cu. against SRV _kerberos._tcp.default-first-site-name._sites.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 88
Failed to find matching DNS entry SRV _kerberos._tcp.default-first-site-name._sites.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 88
Looking for DNS entry SRV _kerberos._tcp.default-first-site-name._sites.dc._msdcs.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 88 as _kerberos._tcp.default-first-site-name._sites.dc._msdcs.redtic.uclv.cu.
Checking 0 100 88 redtic-ad1.redtic.uclv.cu. against SRV _kerberos._tcp.default-first-site-name._sites.dc._msdcs.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 88
Failed to find matching DNS entry SRV _kerberos._tcp.default-first-site-name._sites.dc._msdcs.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 88
Looking for DNS entry SRV _kerberos._udp.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 88 as _kerberos._udp.redtic.uclv.cu.
Checking 0 100 88 redtic-ad1.redtic.uclv.cu. against SRV _kerberos._udp.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 88
Failed to find matching DNS entry SRV _kerberos._udp.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 88
Looking for DNS entry SRV _ldap._tcp.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 389 as _ldap._tcp.redtic.uclv.cu.
Checking 0 100 389 redtic-ad1.redtic.uclv.cu. against SRV _ldap._tcp.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 389
Failed to find matching DNS entry SRV _ldap._tcp.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 389
Looking for DNS entry SRV _ldap._tcp.dc._msdcs.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 389 as _ldap._tcp.dc._msdcs.redtic.uclv.cu.
Checking 0 100 389 redtic-ad1.redtic.uclv.cu. against SRV _ldap._tcp.dc._msdcs.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 389
Failed to find matching DNS entry SRV _ldap._tcp.dc._msdcs.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 389
Looking for DNS entry SRV _ldap._tcp.gc._msdcs.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 3268 as _ldap._tcp.gc._msdcs.redtic.uclv.cu.
Checking 0 100 3268 redtic-ad1.redtic.uclv.cu. against SRV _ldap._tcp.gc._msdcs.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 3268
Failed to find matching DNS entry SRV _ldap._tcp.gc._msdcs.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 3268
Looking for DNS entry SRV _ldap._tcp.default-first-site-name._sites.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 389 as _ldap._tcp.default-first-site-name._sites.redtic.uclv.cu.
Checking 0 100 389 redtic-ad1.redtic.uclv.cu. against SRV _ldap._tcp.default-first-site-name._sites.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 389
Failed to find matching DNS entry SRV _ldap._tcp.default-first-site-name._sites.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 389
Looking for DNS entry SRV _ldap._tcp.default-first-site-name._sites.dc._msdcs.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 389 as _ldap._tcp.default-first-site-name._sites.dc._msdcs.redtic.uclv.cu.
Checking 0 100 389 redtic-ad1.redtic.uclv.cu. against SRV _ldap._tcp.default-first-site-name._sites.dc._msdcs.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 389
Failed to find matching DNS entry SRV _ldap._tcp.default-first-site-name._sites.dc._msdcs.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 389
Looking for DNS entry SRV _ldap._tcp.default-first-site-name._sites.gc._msdcs.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 3268 as _ldap._tcp.default-first-site-name._sites.gc._msdcs.redtic.uclv.cu.
Checking 0 100 3268 redtic-ad1.redtic.uclv.cu. against SRV _ldap._tcp.default-first-site-name._sites.gc._msdcs.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 3268
Failed to find matching DNS entry SRV _ldap._tcp.default-first-site-name._sites.gc._msdcs.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 3268
Looking for DNS entry SRV _ldap._tcp.3750b0a9-c6c5-4b59-8230-af5729cfc880.domains._msdcs.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 389 as _ldap._tcp.3750b0a9-c6c5-4b59-8230-af5729cfc880.domains._msdcs.redtic.uclv.cu.
Checking 0 100 389 redtic-ad1.redtic.uclv.cu. against SRV _ldap._tcp.3750b0a9-c6c5-4b59-8230-af5729cfc880.domains._msdcs.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 389
Failed to find matching DNS entry SRV _ldap._tcp.3750b0a9-c6c5-4b59-8230-af5729cfc880.domains._msdcs.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 389
Looking for DNS entry SRV _gc._tcp.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 3268 as _gc._tcp.redtic.uclv.cu.
Checking 0 100 3268 redtic-ad1.redtic.uclv.cu. against SRV _gc._tcp.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 3268
Failed to find matching DNS entry SRV _gc._tcp.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 3268
Looking for DNS entry SRV _gc._tcp.default-first-site-name._sites.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 3268 as _gc._tcp.default-first-site-name._sites.redtic.uclv.cu.
Checking 0 100 3268 redtic-ad1.redtic.uclv.cu. against SRV _gc._tcp.default-first-site-name._sites.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 3268
Failed to find matching DNS entry SRV _gc._tcp.default-first-site-name._sites.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 3268
Calling nsupdate for A redtic.uclv.cu 10.12.112.85
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
redtic.uclv.cu.        900    IN    A    10.12.112.85

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for A gc._msdcs.redtic.uclv.cu 10.12.112.85
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
gc._msdcs.redtic.uclv.cu. 900    IN    A    10.12.112.85

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _kpasswd._tcp.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 464
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kpasswd._tcp.redtic.uclv.cu. 900 IN    SRV    0 100 464 redtic-ad2.redtic.uclv.cu.

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _kpasswd._udp.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 464
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kpasswd._udp.redtic.uclv.cu. 900 IN    SRV    0 100 464 redtic-ad2.redtic.uclv.cu.

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _kerberos._tcp.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 88
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._tcp.redtic.uclv.cu. 900 IN    SRV    0 100 88 redtic-ad2.redtic.uclv.cu.

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _kerberos._tcp.dc._msdcs.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 88
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._tcp.dc._msdcs.redtic.uclv.cu. 900 IN    SRV 0 100 88 redtic-ad2.redtic.uclv.cu.

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _kerberos._tcp.default-first-site-name._sites.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 88
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._tcp.default-first-site-name._sites.redtic.uclv.cu. 900 IN SRV 0 100 88 redtic-ad2.redtic.uclv.cu.

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _kerberos._tcp.default-first-site-name._sites.dc._msdcs.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 88
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._tcp.default-first-site-name._sites.dc._msdcs.redtic.uclv.cu.    900 IN SRV 0 100 88 redtic-ad2.redtic.uclv.cu.

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _kerberos._udp.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 88
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._udp.redtic.uclv.cu. 900 IN    SRV    0 100 88 redtic-ad2.redtic.uclv.cu.

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _ldap._tcp.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 389
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.redtic.uclv.cu. 900    IN    SRV    0 100 389 redtic-ad2.redtic.uclv.cu.

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _ldap._tcp.dc._msdcs.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 389
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.dc._msdcs.redtic.uclv.cu. 900 IN SRV    0 100 389 redtic-ad2.redtic.uclv.cu.

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _ldap._tcp.gc._msdcs.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 3268
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.gc._msdcs.redtic.uclv.cu. 900 IN SRV    0 100 3268 redtic-ad2.redtic.uclv.cu.

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _ldap._tcp.default-first-site-name._sites.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 389
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.default-first-site-name._sites.redtic.uclv.cu. 900 IN SRV 0 100 389 redtic-ad2.redtic.uclv.cu.

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _ldap._tcp.default-first-site-name._sites.dc._msdcs.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 389
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.default-first-site-name._sites.dc._msdcs.redtic.uclv.cu. 900    IN SRV 0 100 389 redtic-ad2.redtic.uclv.cu.

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _ldap._tcp.default-first-site-name._sites.gc._msdcs.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 3268
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.default-first-site-name._sites.gc._msdcs.redtic.uclv.cu. 900    IN SRV 0 100 3268 redtic-ad2.redtic.uclv.cu.

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _ldap._tcp.3750b0a9-c6c5-4b59-8230-af5729cfc880.domains._msdcs.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 389
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.3750b0a9-c6c5-4b59-8230-af5729cfc880.domains._msdcs.redtic.uclv.cu. 900 IN SRV 0 100 389 redtic-ad2.redtic.uclv.cu.

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _gc._tcp.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 3268
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_gc._tcp.redtic.uclv.cu. 900    IN    SRV    0 100 3268 redtic-ad2.redtic.uclv.cu.

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _gc._tcp.default-first-site-name._sites.redtic.uclv.cu redtic-ad2.redtic.uclv.cu 3268
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_gc._tcp.default-first-site-name._sites.redtic.uclv.cu.    900 IN SRV 0 100 3268 redtic-ad2.redtic.uclv.cu.

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Failed update of 18 entries

The output of klist -k /usr/local/samba/private/dns.keytab is:
Keytab name: FILE:/usr/local/samba/private/dns.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   1 DNS/redtic-ad2.redtic.uclv.cu at REDTIC.UCLV.CU<mailto:DNS/redtic-ad2.redtic.uclv.cu at REDTIC.UCLV.CU>
   1 dns-REDTIC-AD2 at REDTIC.UCLV.CU<mailto:dns-REDTIC-AD2 at REDTIC.UCLV.CU>
   1 DNS/redtic-ad2.redtic.uclv.cu at REDTIC.UCLV.CU<mailto:DNS/redtic-ad2.redtic.uclv.cu at REDTIC.UCLV.CU>
   1 dns-REDTIC-AD2 at REDTIC.UCLV.CU<mailto:dns-REDTIC-AD2 at REDTIC.UCLV.CU>
   1 DNS/redtic-ad2.redtic.uclv.cu at REDTIC.UCLV.CU<mailto:DNS/redtic-ad2.redtic.uclv.cu at REDTIC.UCLV.CU>
   1 dns-REDTIC-AD2 at REDTIC.UCLV.CU<mailto:dns-REDTIC-AD2 at REDTIC.UCLV.CU>
   1 DNS/redtic-ad2.redtic.uclv.cu at REDTIC.UCLV.CU<mailto:DNS/redtic-ad2.redtic.uclv.cu at REDTIC.UCLV.CU>
   1 dns-REDTIC-AD2 at REDTIC.UCLV.CU<mailto:dns-REDTIC-AD2 at REDTIC.UCLV.CU>
   1 DNS/redtic-ad2.redtic.uclv.cu at REDTIC.UCLV.CU<mailto:DNS/redtic-ad2.redtic.uclv.cu at REDTIC.UCLV.CU>
   1 dns-REDTIC-AD2 at REDTIC.UCLV.CU<mailto:dns-REDTIC-AD2 at REDTIC.UCLV.CU>


The of klist -k /usr/local/samba/private/dns.keytab in redtic-ad1 is:
Keytab name: FILE:/usr/local/samba/private/dns.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   1 DNS/redtic-ad1.redtic.uclv.cu at REDTIC.UCLV.CU<mailto:DNS/redtic-ad1.redtic.uclv.cu at REDTIC.UCLV.CU>
   1 dns-redtic-ad1 at REDTIC.UCLV.CU<mailto:dns-redtic-ad1 at REDTIC.UCLV.CU>
   1 DNS/redtic-ad1.redtic.uclv.cu at REDTIC.UCLV.CU<mailto:DNS/redtic-ad1.redtic.uclv.cu at REDTIC.UCLV.CU>
   1 dns-redtic-ad1 at REDTIC.UCLV.CU<mailto:dns-redtic-ad1 at REDTIC.UCLV.CU>
   1 DNS/redtic-ad1.redtic.uclv.cu at REDTIC.UCLV.CU<mailto:DNS/redtic-ad1.redtic.uclv.cu at REDTIC.UCLV.CU>
   1 dns-redtic-ad1 at REDTIC.UCLV.CU<mailto:dns-redtic-ad1 at REDTIC.UCLV.CU>
   1 DNS/redtic-ad1.redtic.uclv.cu at REDTIC.UCLV.CU<mailto:DNS/redtic-ad1.redtic.uclv.cu at REDTIC.UCLV.CU>
   1 dns-redtic-ad1 at REDTIC.UCLV.CU<mailto:dns-redtic-ad1 at REDTIC.UCLV.CU>
   1 DNS/redtic-ad1.redtic.uclv.cu at REDTIC.UCLV.CU<mailto:DNS/redtic-ad1.redtic.uclv.cu at REDTIC.UCLV.CU>
   1 dns-redtic-ad1 at REDTIC.UCLV.CU<mailto:dns-redtic-ad1 at REDTIC.UCLV.CU>

Any help is welcome

Regards, Carlos




________________________________
Universidad Central "Marta Abreu" de Las Villas.
Fundada el 30 de noviembre de 1952. Visítenos en: http://www.uclv.edu.cu




More information about the samba-technical mailing list