[Samba] dnsupdate: TKEY is unacceptable
Lars Hanke
debian at lhanke.de
Wed Jun 11 00:20:27 MDT 2014
I set up samba with BIND9_DLZ as described in the official howto. Bind
seems to resolve all the provisioned names and the very basic samba
connectivity seems to be established. According to the howto I tried:
samba_dnsupdate --verbose --all-names
and I get
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
for each entry. The smb.conf global section:
[global]
workgroup = AD
realm = AD.EXAMPLE.COM
netbios name = SAMBA
server role = active directory domain controller
private dir = /srv/files/private
lock directory = /srv/files
state directory = /srv/files/state
cache directory = /srv/files/cache
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
drepl, winbind, ntp_signd, kcc, dnsupdate
idmap_ldb:use rfc2307 = yes
And Bind9 is started with
export KRB5_KTNAME=/srv/files/private/dns.keytab
and it hs the following settings in named.conf.options:
tkey-gssapi-keytab "/srv/files/private/dns.keytab";
tkey-gssapi-credential "DNS/samba.ad.example.com";
tkey-domain "AD.EXAMPLE.COM";
Any idea hot to troubleshoot this situation?
Thanks for your help,
- lars.
More information about the samba
mailing list