[Samba] TKEY is unacceptible [SEC=UNOFFICIAL]

steve steve at steve-ss.com
Mon Jul 21 00:32:32 MDT 2014

On Mon, 2014-07-21 at 03:16 +0000, Thamm, Russell wrote:

> I concluded  that the dns account should be dns-sambabox and not the current dns-sambabox.MyDomain.local
> samba-tool spn list dns-sambabox.mydomain.local returns a spn of
>       DNS/SAMBABOX.MyDomain.local.mydomain.local.

Kerberos appends the domain name to the hostname, so you have
either /etc/hostname, /etc/hosts or /etc/resolv.conf wrong. Or, maybe
all three. In your case, hostname is returning fqdn which is why you
have the wrong keys. 
hostname -f
hostname -s
hostname -d
must be perfect before you provision or join.

But in any case, you cannot use a .local domain.

More information about the samba mailing list