[Samba] Samba 4.7.2 + bind on Fedora 27: samba_dlz: spnego update failed

Dario Lesca d.lesca at solinos.it
Mon Dec 4 15:57:15 UTC 2017 

Il giorno lun, 04/12/2017 alle 16.00 +0100, Dario Lesca via samba ha
scritto:
> The samba command
> 
>     samba_dnsupdate --verbose  --all-names --fail-immediately
> 
> not work


Following this howto, 
https://wiki.samba.org/index.php/Dns_tkey_negotiategss:_TKEY_is_unacceptable#Verifying_That_the_BIND_AD_Account_Exists_for_the_DC

I have try this:

    [    root at server-addc     ~]# LDB_MODULES_PATH=/usr/lib64/samba/ldb/ ldbsearch -H /var/lib/samba/bind-dns/dns/sam.ldb 'cn=dns-DC1' dn
    # Referral
    ref: ldap://dogma-to.loc/CN=Configuration,DC=dogma-to,DC=loc

    # Referral
    ref: ldap://dogma-to.loc/DC=DomainDnsZones,DC=dogma-to,DC=loc

    # Referral
    ref: ldap://dogma-to.loc/DC=ForestDnsZones,DC=dogma-to,DC=loc

    # returned 3 records
    # 0 entries
    # 3 referrals

This is not output what howto say I can see.

Seem the account dns-DC1 not exist

    [    root at server-addc     ~]# samba-tool user list 
    Administrator
    Guest
    krbtgt
    dns-server-addc
    ospite

Then I run

    [    root at server-addc     ~]# samba_upgradedns --verbose --dns-backend=BIND9_DLZ
    Reading domain information
    DNS accounts already exist
    No zone file /var/lib/samba/bind-dns/dns/DOGMA-TO.LOC.zone
    DNS records will be automatically created
    DNS partitions already exist
    dns-server-addc account already exists
    Could not remove /var/lib/samba/private/named.conf: No such file or directory
    Could not remove /var/lib/samba/private/named.conf.update: No such file or directory
    Could not remove /var/lib/samba/private/named.txt: No such file or directory
    Could not delete dir /var/lib/samba/private/dns: No such file or directory
    See /var/lib/samba/bind-dns/named.conf for an example configuration include file for BIND
    and /var/lib/samba/bind-dns/named.txt for further documentation required for secure DNS updates
    Finished upgrading DNS

But I cannot see the "Adding dns-DC1 account" message like howto say


I also run:

    [    root at server-addc     ~]# klist -k /var/lib/samba/bind-dns/dns.keytab
    Keytab name: FILE:/var/lib/samba/bind-dns/dns.keytab
    KVNO Principal
    ---- -------------------------------------------------------------
    -------------
       1     DNS/server-addc.dogma-to.loc at DOGMA-TO.LOC
   1 dns-server-addc at DOGMA-TO.LOC
   1 DNS/server-addc.dogma-to.loc at DOGMA-TO.LOC
   1 dns-server-addc at DOGMA-TO.LOC
   1 DNS/server-addc.dogma-to.loc at DOGMA-TO.LOC
   1 dns-server-addc at DOGMA-TO.LOC
   1 DNS/server-addc.dogma-to.loc at DOGMA-TO.LOC
   1 dns-server-addc at DOGMA-TO.LOC
   1 DNS/server-addc.dogma-to.loc at DOGMA-TO.LOC
   1 dns-server-addc at DOGMA-TO.LOC

Can help this?

Thanks

-- 
Dario Lesca
(inviato dal mio Linux Fedora 27 Workstation)

More information about the samba mailing list