[Samba] samba_dnsupdate --all-names -> dns_tkey_negotiategss: TKEY is unacceptable

Stefan Kania stefan at kania-online.de
Wed May 2 18:15:32 UTC 2018

Hi Rowland

On 02.05.2018 at 19:54, Rowland Penny via samba wrote:
> On Wed, 2 May 2018 19:29:15 +0200
> Stefan Kania via samba <samba at lists.samba.org> wrote:
>> Hi Rowland,
>> we ran samba_dnsupdate because we get the error
>> "ERROR_DNS_UPDATE_FAILED" when joining a Samba-host to the domain.
>> We go by the wiki
>> https://wiki.samba.org/index.php/Troubleshooting_Samba_Domain_Members#DNS_Update_failed:_ERROR_DNS_UPDATE_FAILED
>> and we checked the dynamic DNS update as written in the wiki:
>> https://wiki.samba.org/index.php/Testing_Dynamic_DNS_Updates
>> That's how we ran into this error. I have never seen this error
>> before. It's the first time I use CentOS, normally I use Debian ;-).
>> Stefan
> Hi Stefan, any reason for going to the dark side ? ;-)
Yes, the wish of the customer :-). They are completely on the dark side.

> I wonder if this possibly has anything to do with MIT kerberos ? There
That was one of my thoughts. That and some CentOS Voodoo. Like running
bind9 without an assigned group, they only use the user "named" so I
gave permission to both, the group "named" and via setfacl to the user
"named". The bind is starting and the zones are loaded. With the
changes you gave us (changing the smb.conf "dns update command =
/usr/sbin/samba_dnsupdate --use-samba-tool") the message while joining a
new samba-fs is gone, but the samba_dnsupdate error is still there :-(.
It works but I would like to understand where the error comes from.

> used to be a similar problem on Debian, but this seems to have gone
> away. You got the 'ERROR_DNS_UPDATE_FAILED' message, but it hadn't
> failed.
With Debian everything works fine.
> Have you tried testing if the computer's record exists after the
> join ?
Now yes, and it will be replicated to all DCs. So I think we stay with
this solution but still this error :-( I don't like error-messages I
don't understand and I don't know where they are coming from.

> Rowland
