[Samba] Samba 4.7.2 + bind on Fedora 27: samba_dlz: spnego update failed
Achim Gottinger
achim at ag-web.biz
Mon Dec 4 17:12:53 UTC 2017
On 04.12.2017 at 17:19, Rowland Penny via samba wrote:
> On Mon, 04 Dec 2017 16:57:15 +0100
> Dario Lesca via samba <samba at lists.samba.org> wrote:
>
>> On Mon, 04/12/2017 at 16.00 +0100, Dario Lesca via samba wrote:
>>> The samba command
>>>
>>> samba_dnsupdate --verbose --all-names --fail-immediately
>>>
>>> does not work
>>
>> Following this howto,
>> https://wiki.samba.org/index.php/Dns_tkey_negotiategss:_TKEY_is_unacceptable#Verifying_That_the_BIND_AD_Account_Exists_for_the_DC
>>
>> I have tried this:
>>
>> [root@server-addc ~]# LDB_MODULES_PATH=/usr/lib64/samba/ldb/ ldbsearch -H /var/lib/samba/bind-dns/dns/sam.ldb 'cn=dns-DC1' dn
>> # Referral
>> ref: ldap://dogma-to.loc/CN=Configuration,DC=dogma-to,DC=loc
>>
>> # Referral
>> ref: ldap://dogma-to.loc/DC=DomainDnsZones,DC=dogma-to,DC=loc
>>
>> # Referral
>> ref: ldap://dogma-to.loc/DC=ForestDnsZones,DC=dogma-to,DC=loc
>>
>> # returned 3 records
>> # 0 entries
>> # 3 referrals
>>
>> This is not the output the howto says I should see.
>>
>> It seems the account dns-DC1 does not exist
>>
>> [root@server-addc ~]# samba-tool user list
>> Administrator
>> Guest
>> krbtgt
>> dns-server-addc
>> ospite
>>
>> Then I run
>>
>> [root@server-addc ~]# samba_upgradedns --verbose --dns-backend=BIND9_DLZ
>> Reading domain information
>> DNS accounts already exist
>> No zone file /var/lib/samba/bind-dns/dns/DOGMA-TO.LOC.zone
>> DNS records will be automatically created
>> DNS partitions already exist
>> dns-server-addc account already exists
>> Could not remove /var/lib/samba/private/named.conf: No such file or directory
>> Could not remove /var/lib/samba/private/named.conf.update: No such file or directory
>> Could not remove /var/lib/samba/private/named.txt: No such file or directory
>> Could not delete dir /var/lib/samba/private/dns: No such file or directory
>> See /var/lib/samba/bind-dns/named.conf for an example configuration include file for BIND
>> and /var/lib/samba/bind-dns/named.txt for further documentation required for secure DNS updates
>> Finished upgrading DNS
>>
>> But I cannot see the "Adding dns-DC1 account" message like the howto says
> Follow what it says in the blue box under the ldbsearch output on the
> wiki page.
>
> Rowland
>
On a side note, your server has the name server-addc, so your DNS account
name is dns-server-addc, which exists on your server.
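The point of the reply above is that the BIND9_DLZ account name follows the DC's host name, so the wiki's `cn=dns-DC1` has to be adapted before anything is declared missing. The helper below is an added example, not code from the thread or from Samba; it assumes the account is named `dns-` followed by the lower-cased short host name, and it checks a constructed copy of the `samba-tool user list` output from this thread.

```shell
#!/bin/sh
# Added example (not Samba's code): derive the expected BIND9_DLZ DNS account
# for a DC and check it against `samba-tool user list` output.
# Assumption: Samba names the account dns-<short host name, lower-cased>.

expected_dns_account() {
    # $1: DC host name, e.g. server-addc or SERVER-ADDC.dogma-to.loc
    short=$(printf '%s' "$1" | cut -d. -f1 | tr 'A-Z' 'a-z')
    printf 'dns-%s\n' "$short"
}

# Succeeds if the account name ($1) appears as a whole line on stdin.
dns_account_in_list() {
    grep -qx "$1"
}

# The ldbsearch call from the wiki, with the cn adapted to this DC.
ldbsearch_cmd() {
    printf "LDB_MODULES_PATH=/usr/lib64/samba/ldb/ ldbsearch -H /var/lib/samba/bind-dns/dns/sam.ldb 'cn=%s' dn\n" "$1"
}

# Constructed sample of `samba-tool user list` output, copied from the thread.
SAMPLE_USERS='Administrator
Guest
krbtgt
dns-server-addc
ospite'

# check_dc <hostname>: returns 0 if the derived account exists in SAMPLE_USERS,
# 1 otherwise (which is when samba_upgradedns --dns-backend=BIND9_DLZ is needed).
check_dc() {
    acct=$(expected_dns_account "$1")
    if printf '%s\n' "$SAMPLE_USERS" | dns_account_in_list "$acct"; then
        echo "OK: $acct exists; verify with: $(ldbsearch_cmd "$acct")"
        return 0
    fi
    echo "MISSING: $acct not in user list"
    return 1
}
```

On a real DC, replace SAMPLE_USERS with the live output of `samba-tool user list` (e.g. `SAMPLE_USERS=$(samba-tool user list)`) before calling `check_dc "$(hostname)"`.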