[Samba] dnsupdate: TKEY is unacceptable
Rowland Penny
rowlandpenny at googlemail.com
Wed Jun 11 02:00:17 MDT 2014
On 11/06/14 07:20, Lars Hanke wrote:
> I set up samba with BIND9_DLZ as described in the official howto. Bind
> seems to resolve all the provisioned names and the very basic samba
> connectivity seems to be established. According to the howto I tried:
>
> samba_dnsupdate --verbose --all-names
>
> and I get
>
> dns_tkey_negotiategss: TKEY is unacceptable
> Failed nsupdate: 1
>
> for each entry. The smb.conf global section:
>
>
> [global]
> workgroup = AD
> realm = AD.EXAMPLE.COM
> netbios name = SAMBA
> server role = active directory domain controller
> private dir = /srv/files/private
> lock directory = /srv/files
> state directory = /srv/files/state
> cache directory = /srv/files/cache
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> drepl, winbind, ntp_signd, kcc, dnsupdate
> idmap_ldb:use rfc2307 = yes
>
>
> And Bind9 is started with
>
> export KRB5_KTNAME=/srv/files/private/dns.keytab
>
> and it has the following settings in named.conf.options:
>
> tkey-gssapi-keytab "/srv/files/private/dns.keytab";
> tkey-gssapi-credential "DNS/samba.ad.example.com";
> tkey-domain "AD.EXAMPLE.COM";
>
> Any idea how to troubleshoot this situation?
>
> Thanks for your help,
> - lars.
Hi, I use bind9 and don't have this problem, but I seem to do things a
bit differently ;-)
I do not export the KRB5_KTNAME
I only have 'tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";' in
/etc/bind/named.conf.options
My samba base is '/var/lib/samba', yours appears to be '/srv/files'
I am using Debian 7.5, but it also works the same on Ubuntu 12.04 &
14.04, what OS are you using?
I think that you are going to have to give us a bit more info here.
Rowland