[Samba] dns_tkey_negotiategss: TKEY is unacceptable

Rowland penny rpenny at samba.org
Wed Dec 30 18:57:53 UTC 2015


On 30/12/15 18:19, Carlos A. P. Cunha wrote:
> Hello!
> I've got this error
> dns_tkey_negotiategss: TKEY is unacceptable
>
> when running samba_dnsupdate --verbose
>
> With this error dynamic entries stopped working as Type A machines 
> that entered in the field or entry to a new DC.
>
> Already tried the step described here
>
> https://wiki.samba.org/index.php/Dns_tkey_negotiategss:_TKEY_is_unacceptable 
>
>
> But when trying to delete the account used the same says that there is 
> (and it really is not listed, create a manual account ok), but when 
> running
>
> samba_upgradedns --dns-backend = BIND9_DLZ
>
> I got the error
>
> Reading domain information
> Traceback (most recent call last):
> File "/ opt / samba / sbin / samba_upgradedns", line 262, in <module>
> paths, lp.configfile, lp)
> File 
> "/opt/samba/lib/python2.7/site-packages/samba/provision/__init__.py", 
> line 282, in find_provision_key_parameters
> names.policyid = str (res7 [0] ["cn"]). replace ("{", ""). replace 
> ("}", "")
> IndexError: list index out of range
>
> With more Debug
>
> [....]
>
> Module 'tombstone_reanimate' is disabled. Skip 
> registration.lpcfg_servicenumber: could not find ldb
> schema_fsmo_init: we are master [in] updates allowed [in]
> lpcfg_servicenumber: could not find ldb
> lpcfg_servicenumber: could not find ldb
> lpcfg_servicenumber: could not find ldb
> schema_fsmo_init: we are master [in] updates allowed [in]
> Traceback (most recent call last):
> File "/ opt / samba / sbin / samba_upgradedns", line 262, in <module>
> paths, lp.configfile, lp)
> File 
> "/opt/samba/lib/python2.7/site-packages/samba/provision/__init__.py", 
> line 282, in find_provision_key_parameters
> names.policyid = str (res7 [0] ["cn"]). replace ("{", ""). replace 
> ("}", "")
> IndexError: list index out of range
>
>
> Thanks
>

I had this problem, and I think, like me, you missed this:

*NOTE:* Until Bug #10882 
<https://bugzilla.samba.org/show_bug.cgi?id=10882> is fixed, you will 
have to temporary switch the backend to SAMBA_INTERNAL and then back to 
BIND9_DLZ as a workaround instead of just setting just it to BIND9_DLZ 
again! Otherwise the account will not be created.

Rowland


More information about the samba mailing list