[Samba] DDNS Error

Stefan Kania stefan at kania-online.de
Wed May 16 11:25:41 UTC 2018


@Rowland The tip about the server that created the entry was good, but
that was not our problem. We tried it with different hosts on both systems.
@Christian I know, but at some point you try everything ;-)
We fixed it the Microsoft way by rebooting both DCs; after the reboot
everything was fine :-)

On 16.05.2018 at 12:57, Christian Naumer via samba wrote:
> The DDNS setup from the wiki uses the keytab of the separate
> 
> "Unprivileged user for TSIG-GSSAPI DNS updates via ISC DHCP server"
> 
> you have to check this one, not the one which BIND uses.
> 
> Regards
> 
> 
> On 16.05.2018 at 12:45, Rowland Penny via samba wrote:
>> On Wed, 16 May 2018 12:32:52 +0200 Stefan Kania via samba
>> <samba at lists.samba.org> wrote:
>>
>>> It's me again :-) Now we have DDNS with DHCP running but we have
>>> a problem on one of our two DCs. Btw we used the setup and the
>>> script from wiki. Doing a "dhclient" on a host we are getting the
>>> following messages:
>>> -------------
>>> Mai 16 12:13:28 samba41 dhcpd[3961]: Commit: IP: 192.168.0.249 DHCID: 1:50:5b:5d:1c:ab:aa Name: horst
>>> Mai 16 12:13:28 samba41 dhcpd[3961]: execute_statement argv[0] = /etc/dhcp/bin/dhcp-dyndns.sh
>>> Mai 16 12:13:28 samba41 dhcpd[3961]: execute_statement argv[1] = add
>>> Mai 16 12:13:28 samba41 dhcpd[3961]: execute_statement argv[2] = 192.168.0.249
>>> Mai 16 12:13:28 samba41 dhcpd[3961]: execute_statement argv[3] = 1:50:5b:5d:1c:ab:aa
>>> Mai 16 12:13:28 samba41 dhcpd[3961]: execute_statement argv[4] = horst
>>> Mai 16 12:13:28 samba41 root[7505]: DHCP-DNS Update failed: 11
>>> Mai 16 12:13:28 samba41 dhcpd[3961]: execute: /etc/dhcp/bin/dhcp-dyndns.sh exit status 2816
>>> -------------
>>>
>>> We then tried to create the entry with the script:
>>> ----------------
>>> /etc/dhcp/bin/dhcp-dyndns.sh "add" 192.168.225.60 1:50:5b:5d:1c:ab:aa horst
>>> . . .
>>> 3160958102.sig-samba41.example.net. 0 ANY TKEY gss-tsig. 0 0 3 BADKEY 0  0
>>>
>>> dns_tkey_negotiategss: TKEY is unacceptable
>>> ----------------
>>>
>>> Then we checked with:
>>> -----------
>>> samba_dnsupdate --verbose
>>> -----------
>>> Everything is fine, no error about the unacceptable TKEY
>>>
>>> We did everything from:
>>> https://wiki.samba.org/index.php/Dns_tkey_negotiategss:_TKEY_is_unacceptable
>>>
>>> - deleted the dns.keytab
>>> - deleted the dns-samba41 user
>>> - run "samba_upgradedns --dns-backend=BIND9_DLZ"
>>>
>>> We checked the permissions of all files. We checked the bind9
>>> config for the TKEY line. Everything is ok. The update works on
>>> the second DC without any error about the key. It's only one ADDC
>>> that makes the problem. The only difference we found was that
>>> the username on the working ADDC is in capital letters
>>> (CN=dns-SAMBA42) and on the non-working ADDC in small letters
>>> (CN=dns-samba41). But on both systems it's the same inside the
>>> dns.keytab. (small = non-working | capital = working).
>>>
>>> Any help?
>>>
>>> Stefan
>>>
>>
>> Have you set up 'failover'? The records belong to whoever creates
>> them, so if one DC creates them, then the other cannot.
>>
>> Rowland
>>
> 
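
Added example, not part of the original thread or of the wiki's dhcp-dyndns.sh: a small Python triage helper that regroups the dhcpd `execute_statement` lines quoted above into the command that was run and decodes the logged `exit status`. It assumes dhcpd logs the raw wait(2) status, which fits the thread's numbers (2816 = 11 × 256, matching "DHCP-DNS Update failed: 11"); the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the dhcpd lines quoted in the thread, one per line.
SAMPLE_LOG = """\
Mai 16 12:13:28 samba41 dhcpd[3961]: Commit: IP: 192.168.0.249 DHCID: 1:50:5b:5d:1c:ab:aa Name: horst
Mai 16 12:13:28 samba41 dhcpd[3961]: execute_statement argv[0] = /etc/dhcp/bin/dhcp-dyndns.sh
Mai 16 12:13:28 samba41 dhcpd[3961]: execute_statement argv[1] = add
Mai 16 12:13:28 samba41 dhcpd[3961]: execute_statement argv[2] = 192.168.0.249
Mai 16 12:13:28 samba41 dhcpd[3961]: execute_statement argv[3] = 1:50:5b:5d:1c:ab:aa
Mai 16 12:13:28 samba41 dhcpd[3961]: execute_statement argv[4] = horst
Mai 16 12:13:28 samba41 root[7505]: DHCP-DNS Update failed: 11
Mai 16 12:13:28 samba41 dhcpd[3961]: execute: /etc/dhcp/bin/dhcp-dyndns.sh exit status 2816
"""

ARGV_RE = re.compile(r"dhcpd\[(\d+)\]: execute_statement argv\[(\d+)\] = (.*)$")
EXIT_RE = re.compile(r"dhcpd\[(\d+)\]: execute: (\S+) exit status (\d+)$")


def decode_wait_status(status):
    """Split a raw wait(2) status into (exit_code, terminating_signal)."""
    return (status >> 8) & 0xFF, status & 0x7F


def failed_hook_calls(log_text):
    """Return one record per hook script run that ended with a non-zero status."""
    pending = defaultdict(dict)  # dhcpd pid -> {argv index: value}
    failures = []
    for line in log_text.splitlines():
        line = line.rstrip()
        m = ARGV_RE.search(line)
        if m:
            pending[m.group(1)][int(m.group(2))] = m.group(3).strip()
            continue
        m = EXIT_RE.search(line)
        if m:
            # The exit line closes the argv group collected for this pid.
            args = pending.pop(m.group(1), {})
            code, sig = decode_wait_status(int(m.group(3)))
            if code or sig:
                failures.append({"argv": [args[i] for i in sorted(args)],
                                 "raw_status": int(m.group(3)),
                                 "exit_code": code, "signal": sig})
    return failures


if __name__ == "__main__":
    for f in failed_hook_calls(SAMPLE_LOG):
        print(" ".join(f["argv"]), "-> exit code", f["exit_code"])
```

The reconstructed argv can be replayed by hand as the DHCP service user, which is the step where the thread's `dns_tkey_negotiategss: TKEY is unacceptable` message became visible.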



