[Samba] Samba ADDS DC krb5 and samba_nsupdate
Felipe
samba at dncom.de
Tue Jan 1 20:40:16 MST 2013
OK, now I tried to join again.
I saw these messages:
descriptor_sd_propagation_recursive: DC=DomainDnsZones,DC=*****,DC=de not found under DC=*****,DC=de
descriptor_sd_propagation_recursive: DC=ForestDnsZones,DC=*****,DC=de not found under DC=*****,DC=de
Unable to find group id for BIND,
set permissions to sam.ldb* files manually
Unable to find group id for BIND,
set permissions to sam.ldb* files manually
BIND is running as user root.
I hope to get help.
Felipe
-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On behalf of Felipe
Sent: Wednesday, January 02, 2013 2:55
To: samba at lists.samba.org
Subject: [Samba] Samba ADDS DC krb5 and samba_nsupdate
Hello,
I tried to use Samba as a DC on two VMs on my VMware Workstation.
I want to use BIND for the DNS system.
Joining the domain worked successfully after I recompiled BIND.
It seems the zones are the same, but Samba isn't in the NS record.
If I run dcpromo.exe I get this error message:
This Active Directory DC is the last dns-server for the AD-zones.
If I remove the DC the dns-names can't be resolved any more.
Also, Exchange doesn't find the DC.
If I type kinit administrator I don't get an answer:
root@linux:~# kinit administrator
Password for administrator@DNCOM.DE:
root@linux:~#
samba-tool drs showrepl doesn't have errors for the replication, but at the end:
Connection --
Connection name: b1449b55-6603-4b33-abe2-6d78071a5d76
Enabled : TRUE
Server DNS name : QC2NDOHUS2B.dncom.de
Server DN name : CN=NTDS Settings,CN=QC2NDOHUS2B,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dncom,DC=de
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
samba_dnsupdate --verbose --all-names also causes problems:
IPs: ['fe80::20c:29ff:fe65:b90e%eth0', '172.16.128.120']
Skipping PDC entry (SRV _ldap._tcp.pdc._msdcs.${DNSDOMAIN} ${HOSTNAME} 389) as we are not a PDC
Skipping PDC entry (SRV _ldap._tcp.pdc._msdcs.${DNSFOREST} ${HOSTNAME} 389) as we are not a PDC
Calling nsupdate for A dncom.de 172.16.128.120
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
dncom.de. 900 IN A 172.16.128.120
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for A linux.dncom.de 172.16.128.120
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
linux.dncom.de. 900 IN A 172.16.128.120
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for A gc._msdcs.dncom.de 172.16.128.120
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
gc._msdcs.dncom.de. 900 IN A 172.16.128.120
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for CNAME f5b7a286-234e-4007-8c53-8686c259ed61._msdcs.dncom.de linux.dncom.de
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
f5b7a286-234e-4007-8c53-8686c259ed61._msdcs.dncom.de. 900 IN CNAME linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _kpasswd._tcp.dncom.de linux.dncom.de 464
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kpasswd._tcp.dncom.de. 900 IN SRV 0 100 464 linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _kpasswd._udp.dncom.de linux.dncom.de 464
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kpasswd._udp.dncom.de. 900 IN SRV 0 100 464 linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _kerberos._tcp.dncom.de linux.dncom.de 88
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._tcp.dncom.de. 900 IN SRV 0 100 88 linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _kerberos._tcp.dc._msdcs.dncom.de linux.dncom.de 88
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._tcp.dc._msdcs.dncom.de. 900 IN SRV 0 100 88 linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _kerberos._tcp.default-first-site-name._sites.dncom.de linux.dncom.de 88
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._tcp.default-first-site-name._sites.dncom.de. 900 IN SRV 0 100 88 linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _kerberos._tcp.default-first-site-name._sites.dc._msdcs.dncom.de linux.dncom.de 88
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._tcp.default-first-site-name._sites.dc._msdcs.dncom.de. 900 IN SRV 0 100 88 linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _kerberos._udp.dncom.de linux.dncom.de 88
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._udp.dncom.de. 900 IN SRV 0 100 88 linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _ldap._tcp.dncom.de linux.dncom.de 389
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.dncom.de. 900 IN SRV 0 100 389 linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _ldap._tcp.dc._msdcs.dncom.de linux.dncom.de 389
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.dc._msdcs.dncom.de. 900 IN SRV 0 100 389 linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _ldap._tcp.gc._msdcs.dncom.de linux.dncom.de 3268
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.gc._msdcs.dncom.de. 900 IN SRV 0 100 3268 linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _ldap._tcp.default-first-site-name._sites.dncom.de linux.dncom.de 389
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.default-first-site-name._sites.dncom.de. 900 IN SRV 0 100 389 linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _ldap._tcp.default-first-site-name._sites.dc._msdcs.dncom.de linux.dncom.de 389
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.default-first-site-name._sites.dc._msdcs.dncom.de. 900 IN SRV 0 100 389 linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _ldap._tcp.default-first-site-name._sites.gc._msdcs.dncom.de linux.dncom.de 3268
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.default-first-site-name._sites.gc._msdcs.dncom.de. 900 IN SRV 0 100 3268 linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _ldap._tcp.891fe5ff-4712-4ab5-951c-c1584391f0fd.domains._msdcs.dncom.de linux.dncom.de 389
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.891fe5ff-4712-4ab5-951c-c1584391f0fd.domains._msdcs.dncom.de. 900 IN SRV 0 100 389 linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _gc._tcp.dncom.de linux.dncom.de 3268
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_gc._tcp.dncom.de. 900 IN SRV 0 100 3268 linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _gc._tcp.default-first-site-name._sites.dncom.de linux.dncom.de 3268
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_gc._tcp.default-first-site-name._sites.dncom.de. 900 IN SRV 0 100 3268 linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Failed update of 20 entries
Felipe