[Samba] TKEY is unacceptible [SEC=UNOFFICIAL]

Thamm, Russell russell.thamm at dsto.defence.gov.au
Mon Jul 28 23:48:35 MDT 2014


UNOFFICIAL

Thanks again Steve.

I've rebuilt my 2003 server domain from scratch. 

I uninstalled and reinstalled SAMBA.

I joined the domain making sure all the hostname stuff was correct.

Now dynamic updates using bind seem to be working properly. 

You've saved what's left of my sanity.

Cheers
Russell

-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of steve
Sent: Tuesday, 22 July, 2014 4:27 p.m.
To: samba at lists.samba.org
Subject: Re: [Samba] TKEY is unacceptible [SEC=UNOFFICIAL]

On Tue, 2014-07-22 at 05:08 +0000, Thamm, Russell wrote:
> UNOFFICIAL
> 
> Thanks Steve,
> 
> I really appreciate your response.
> 
> It would probably be sensible to have the hostname information in the user documentation.
User documentation? This is open source;)

> 
> After getting hostname to work properly, samba_upgradedns still creates the wrong dns account. So I gather that it's too late for me to recover from this mistake.
Hi
Unfortunately, no one else has answered so if it's just us and you want a decision on where to spend your time, we'd go for a new join: Restore the original DC from its backup to a point _before_ the join, remove the private directory from the wrong-dns DC and join anew. There may well be a way to recover from a wrong hostname situation, but you could be waiting days for any clues.
> 
> I have searched the web concerning Samba4 and .local. I have found several recommendations against using .local but the reasons provided seem irrelevant to my situation. I have found no one claiming that it can't be used.
Not a big deal I don't think, but when things are not working it's best to remove any possible gotchas, no matter how insignificant they may be.

Oh, BTW when you get it joined, you'll need to kick start it into replicating. We made a check list:
http://linuxcostablanca.blogspot.com.es/2014/06/samba4-dc-replication-on-ubuntu.html

Cheers,
Steve


> Cheers
> Russell
> 
> -----Original Message-----
> From: samba-bounces at lists.samba.org
> [mailto:samba-bounces at lists.samba.org] On Behalf Of steve
> Sent: Monday, 21 July, 2014 4:03 p.m.
> To: samba at lists.samba.org
> Subject: Re: [Samba] TKEY is unacceptible [SEC=UNOFFICIAL]
> 
> On Mon, 2014-07-21 at 03:16 +0000, Thamm, Russell wrote:
> 
> > 
> > I concluded that the dns account should be dns-sambabox and not the
> > current dns-sambabox.MyDomain.local
> > 
> > samba-tool spn list dns-sambabox.mydomain.local returns an SPN of
> >       DNS/SAMBABOX.MyDomain.local.mydomain.local.
> 
> Hi
> Kerberos appends the domain name to the hostname, so you have either /etc/hostname, /etc/hosts or /etc/resolv.conf wrong. Or, maybe all three. In your case, hostname is returning the FQDN, which is why you have the wrong keys.
> hostname
> hostname -f
> hostname -s
> and
> hostname -d
> must be perfect before you provision or join.
> 
> But in any case, you cannot use a .local domain.
> Cheers,
> Steve
> 
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
> IMPORTANT: This email remains the property of the Department of Defence and is subject to the jurisdiction of section 70 of the CRIMES ACT 1914.  If you have received this email in error, you are requested to contact the sender and delete the email.
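
The hostname check described in the thread, written out as a pre-join sanity script. This is an added example, not part of the original messages or of Samba; the function names are hypothetical, and the SPN prediction simply follows the thread's description that the domain name is appended to whatever `hostname` returns.

```shell
#!/bin/sh
# Added example: verify host naming before a Samba AD DC provision or join.
# Function names are hypothetical and not part of Samba.

# Lower-case a string so comparisons are case-insensitive.
lc() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# check_hostnames PLAIN SHORT FQDN DOMAIN
#   PLAIN  = output of `hostname`      SHORT  = output of `hostname -s`
#   FQDN   = output of `hostname -f`   DOMAIN = output of `hostname -d`
# Returns 0 when the four values agree, otherwise the first problem found:
#   1 = a value is empty
#   2 = `hostname` contains a dot, i.e. it returns an FQDN (the case in the thread)
#   3 = `hostname -s` differs from `hostname`
#   4 = `hostname -f` is not SHORT.DOMAIN
check_hostnames() {
    plain=$(lc "$1"); short=$(lc "$2"); fqdn=$(lc "$3"); domain=$(lc "$4")
    [ -n "$plain" ] && [ -n "$short" ] && [ -n "$fqdn" ] && [ -n "$domain" ] || return 1
    case $plain in *.*) return 2 ;; esac
    [ "$short" = "$plain" ] || return 3
    [ "$fqdn" = "$short.$domain" ] || return 4
    return 0
}

# DNS service principal name that results when the domain is appended to
# the plain hostname (assumption taken from the thread's explanation).
predicted_dns_spn() { printf 'DNS/%s.%s\n' "$1" "$2"; }

# Run the check against the values reported by the local system.
check_live() {
    check_hostnames "$(hostname)" "$(hostname -s)" "$(hostname -f)" "$(hostname -d)"
}

# Only touch the live system when asked to: sh thisfile --live
if [ "${1:-}" = "--live" ]; then
    check_live
    echo "check_hostnames exit code: $?"
    predicted_dns_spn "$(hostname)" "$(hostname -d)"
fi
```

An exit code of 2 corresponds to the situation in this thread, where the doubled domain suffix shows up in the SPN.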

