[Samba] Samba 4.7.2 + bind on Fedora 27: samba_dlz: spnego update failed

Achim Gottinger achim at ag-web.biz
Mon Dec 4 17:12:53 UTC 2017



On 04.12.2017 at 17:19, Rowland Penny via samba wrote:
> On Mon, 04 Dec 2017 16:57:15 +0100
> Dario Lesca via samba <samba at lists.samba.org> wrote:
>
>> On Mon, 04/12/2017 at 16.00 +0100, Dario Lesca via samba wrote:
>>> The samba command
>>>
>>>      samba_dnsupdate --verbose  --all-names --fail-immediately
>>>
>>> does not work
>>
>> Following this howto,
>> https://wiki.samba.org/index.php/Dns_tkey_negotiategss:_TKEY_is_unacceptable#Verifying_That_the_BIND_AD_Account_Exists_for_the_DC
>>
>> I have tried this:
>>
>>      [    root at server-addc     ~]# LDB_MODULES_PATH=/usr/lib64/samba/ldb/ ldbsearch -H /var/lib/samba/bind-dns/dns/sam.ldb 'cn=dns-DC1' dn
>>      # Referral
>>      ref: ldap://dogma-to.loc/CN=Configuration,DC=dogma-to,DC=loc
>>
>>      # Referral
>>      ref: ldap://dogma-to.loc/DC=DomainDnsZones,DC=dogma-to,DC=loc
>>
>>      # Referral
>>      ref: ldap://dogma-to.loc/DC=ForestDnsZones,DC=dogma-to,DC=loc
>>
>>      # returned 3 records
>>      # 0 entries
>>      # 3 referrals
>>
>> This is not the output the howto says I should see.
>>
>> It seems the account dns-DC1 does not exist
>>
>>      [    root at server-addc     ~]# samba-tool user list
>>      Administrator
>>      Guest
>>      krbtgt
>>      dns-server-addc
>>      ospite
>>
>> Then I run
>>
>>      [    root at server-addc     ~]# samba_upgradedns --verbose --dns-backend=BIND9_DLZ
>>      Reading domain information
>>      DNS accounts already exist
>>      No zone file /var/lib/samba/bind-dns/dns/DOGMA-TO.LOC.zone
>>      DNS records will be automatically created
>>      DNS partitions already exist
>>      dns-server-addc account already exists
>>      Could not remove /var/lib/samba/private/named.conf: No such file or directory
>>      Could not remove /var/lib/samba/private/named.conf.update: No such file or directory
>>      Could not remove /var/lib/samba/private/named.txt: No such file or directory
>>      Could not delete dir /var/lib/samba/private/dns: No such file or directory
>>      See /var/lib/samba/bind-dns/named.conf for an example configuration include file for BIND
>>      and /var/lib/samba/bind-dns/named.txt for further documentation required for secure DNS updates
>>      Finished upgrading DNS
>>
>> But I cannot see the "Adding dns-DC1 account" message like the howto says
> Follow what it says in the blue box under the ldbsearch output on the
> wiki page.
>
> Rowland
>
On a side note, your server has the name server-addc, so your DNS account
name is dns-server-addc, which exists on your server.
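
The check discussed in this thread, as an added example that is not part of the original messages or of Samba itself: it builds the DNS account name from the DC's own short hostname instead of the wiki's "DC1" and reads the "# N entries" summary that ldbsearch prints. The function names are hypothetical, the paths are the ones quoted above, and it assumes the account name uses the short hostname exactly as `hostname` reports it.

```shell
#!/bin/sh
# Added example: function names are hypothetical, paths are those quoted in the thread.

SAM_LDB=/var/lib/samba/bind-dns/dns/sam.ldb
LDB_MODULES=/usr/lib64/samba/ldb/

# The account is named after the DC's own short hostname, not the wiki's "DC1".
# Assumption: the short hostname is used exactly as reported.
dns_account_name() {
    printf 'dns-%s\n' "${1%%.*}"
}

# Read ldbsearch output on stdin and print the number from its "# N entries" line.
# Referral lines and "# returned N records" are ignored, so 3 referrals still means 0.
ldb_entry_count() {
    awk '$1 == "#" && $3 == "entries" { print $2; found = 1 }
         END { if (!found) print 0 }'
}

# Run the search from the thread for this host's account (needs root on the DC).
check_dns_account() {
    account=$(dns_account_name "$(hostname)")
    count=$(LDB_MODULES_PATH=$LDB_MODULES ldbsearch -H "$SAM_LDB" "cn=$account" dn |
            ldb_entry_count)
    if [ "$count" -ge 1 ]; then
        echo "$account found in $SAM_LDB"
    else
        echo "$account missing from $SAM_LDB" >&2
        return 1
    fi
}

# Sample input: the tail of the output quoted above for the search on cn=dns-DC1.
sample_wrong_name() {
    cat <<'EOF'
# Referral
ref: ldap://dogma-to.loc/DC=ForestDnsZones,DC=dogma-to,DC=loc

# returned 3 records
# 0 entries
# 3 referrals
EOF
}
```

Call `check_dns_account` as root on the DC; it returns non-zero when the search yields only referrals.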




