[Samba] dns_tkey_negotiategss: TKEY is unacceptable[ == RESOLVED == ]

Carlos A. P. Cunha carlos.hollow at gmail.com
Mon Jan 4 17:15:56 UTC 2016


** I had forgotten to change the subject to Resolved

Good afternoon! I managed to solve my problem as follows:
1st: to solve the error at

/opt/samba/lib/python2.7/site-packages/samba/provision/__init__.py +282

I simply commented out line 282

# names.policyid = str(res7[0]["cn"]).replace("{", "").replace("}", "")

and the error stopped, but it still said the dns account still existed, 
so I edited the file

ldbedit -e vim -H /usr/local/samba/private/secrets.ldb

And I tried to delete the dns account block, but an error occurred while 
trying to save, as it said it did not have the attribute

saltPrincipal

I added it with the same realm, as in the line below

saltPrincipal: dns-dc-linux@MYDOMAIN

and deleted the whole secrets.ldb block that referenced the dns account 
(dn: samAccountName=dns-dc-linux,CN=Principals) and saved successfully

After that I ran

rm /usr/local/samba/private/dns.keytab
and
samba_upgradedns --dns-backend=SAMBA_INTERNAL
and
samba_upgradedns --dns-backend=BIND9_DLZ
and
chown root.bind /usr/local/samba/private/dns.keytab
chmod 640 /usr/local/samba/private/dns.keytab
and
/etc/init.d/bind9 restart
And validated with:
samba_dnsupdate --all-names --verbose
and the issue is resolved.

Thanks so much for the help

On 30-12-2015 18:49, Carlos A. P. Cunha wrote:
> Hello! Yes, I already tried this, but it always says that the account
> already exists even if it does not exist. It affects only dynamic
> entries; static entries work, and replication as well, but as the dynamic
> ones are troubled, instances in multiple sites will have problems ...
>
>
> But is there some log or command that can help?
>
> Thanks
>
> On 30-12-2015 18:38, Rowland Penny wrote:
>> On 30/12/15 19:57, Carlos A. P. Cunha wrote:
>>> Hello!
>>> Output of command
>>>
>>> # 1 record
>>> dn:
>>> CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=MYDOMAIN
>>> cn: {31B2F340-016D-11D2-945F-00C04FB984F9}
>>> name: {31B2F340-016D-11D2-945F-00C04FB984F9}
>>>
>>> # Referral
>>> ref: ldap://interno.mastersonda.com.br/CN=Configuration,DC=MYDOMAIN
>>> # Referral
>>> ref: ldap://interno.mastersonda.com.br/DC=DomainDnsZones,DC=MYDOMAIN
>>> # Referral
>>> ref: ldap://interno.mastersonda.com.br/DC=ForestDnsZones,DC=MYDOMAIN
>>> # Returned 4 records
>>> # 1 entries
>>> # 3 referrals
>>>
>>>
>>> One important thing: for the previous email's error, I edited the file
>>> at the line where it reports the error
>>>
>>> vim /opt/samba/lib/python2.7/site-packages/samba/provision/__init__.py +282
>>>
>>> and commented out the line (not sure if this is bad)
>>>
>>> # names.policyid = str(res7[0]["cn"]).replace("{", "").replace("}", "")
>>>
>>> Thus the error when running samba_upgradedns --dns-backend=BIND9_DLZ
>>> or samba_upgradedns --dns-backend=SAMBA_INTERNAL disappeared and the
>>> operation is carried out; however, I validated that the DNS account is
>>> deleted but not recreated, and sometimes when trying to recreate it
>>> manually it says
>>>
>>>
>>> ERROR (ldb): Failed to add user 'dns-DC-Linux': - samldb: Account
>>> name (sAMAccountName) 'dns-DC-LINUX' already in use!
>>>
>>> However the account does not exist in the User list.
>>>
>>>
>>>
>>> Thanks
>>>
>>>
>>
>> Have you attempted to change the dns backend to the internal dns
>> server, then change it back to the BIND_DLZ dns server, as the wiki
>> page advises ?
>>
>> Rowland
>>
>>
>
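
The chown/chmod step in the message above matters because dns.keytab holds the Kerberos keys of the DNS service account. The check below is an added example, not part of the original post: the function names kt_stat and check_keytab are hypothetical, and the expected owner, group and mode (root, bind, 640) are the ones the post sets.

```shell
#!/bin/sh
# Added example (not from the original post): audit dns.keytab after it
# has been regenerated. Expected values follow the post: root:bind, 640.

# Print one stat field; GNU format first, BSD format as a fallback.
kt_stat() { stat -c "$1" "$3" 2>/dev/null || stat -f "$2" "$3"; }

# check_keytab FILE [OWNER] [GROUP] -> 0 if acceptable, 1 otherwise.
check_keytab() {
    kt=$1; want_owner=${2:-root}; want_group=${3:-bind}; rc=0
    if [ -L "$kt" ] || [ ! -f "$kt" ]; then
        echo "FAIL: $kt is missing, a symlink, or not a regular file"
        return 1
    fi
    mode=$(kt_stat '%a' '%Lp' "$kt")
    owner=$(kt_stat '%U' '%Su' "$kt")
    group=$(kt_stat '%G' '%Sg' "$kt")

    [ "$owner" = "$want_owner" ] ||
        { echo "FAIL: owner is $owner, expected $want_owner"; rc=1; }
    [ "$group" = "$want_group" ] ||
        { echo "FAIL: group is $group, expected $want_group"; rc=1; }
    # 07137 is every permission bit outside 0640 (rw-r-----).
    [ $(( 0$mode & 07137 )) -eq 0 ] ||
        { echo "FAIL: mode $mode grants more than 640"; rc=1; }
    # The group (bind, per the post) must be able to read the keys.
    [ $(( 0$mode & 040 )) -ne 0 ] ||
        { echo "FAIL: mode $mode is not group-readable"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $kt is $owner:$group mode $mode"
    return "$rc"
}

# Example: check_keytab /usr/local/samba/private/dns.keytab root bind
```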



