[Samba] TKEY is unacceptable

Steve Thompson smt at vgersoft.com
Thu Feb 13 07:24:04 MST 2014

On Thu, 13 Feb 2014, steve wrote:

> Yes. If you're certain that your bind user can get at his own files
> (there are several of them) then I think that maybe the update has
> trashed the dns record. The only way we know is to use a big hammer to
> remove it and then let nsupdate recreate it on the next attempt:

I have solved the problem, although this wasn't quite the solution. It 
turned out that there was a DNS service account in the database only for 
dc-1; the corresponding account for dc-2 was missing. I have created the 
missing account, and from that generated a new dns.keytab using ktpass.sh, 
and now nsupdate works properly on both dc's.

For more details, see the post in this list from Adam Thorn on 1st July
2011 (thanks Adam!).


More information about the samba mailing list