[Samba] dns_tkey_gssnegotiate: TKEY is unacceptable

Joachim Lindenberg samba at lindenberg.one
Mon Aug 12 19:43:03 UTC 2019


Ok, with the smb.conf change and then
	 samba_dnsupdate --rpc-server-ip=192.168.177.19 --use-samba-tool --verbose
I got no error messages.
Shall I now revert the change? Monitor? At present samba_dnsupdate has nothing to do..
Thanks, Joachim


-----Ursprüngliche Nachricht-----
Von: samba <samba-bounces at lists.samba.org> Im Auftrag von Rowland penny via samba
Gesendet: Monday, 12 August 2019 21:26
An: sambalist <samba at lists.samba.org>
Betreff: Re: [Samba] dns_tkey_gssnegotiate: TKEY is unacceptable

On 12/08/2019 20:19, Joachim Lindenberg wrote:
> Hi Rowland,
> did read, actually cited the page it myself, but didn´t help me to identify the cause.
> Kerberos credentials exists, dns users exists, file permission are correct. So either that is insufficient or I am blind..
> Regards, Joachim
>
> -----Ursprüngliche Nachricht-----
> Von: samba <samba-bounces at lists.samba.org> Im Auftrag von Rowland penny via samba
> Gesendet: Monday, 12 August 2019 21:14
> An: samba at lists.samba.org
> Betreff: Re: [Samba] dns_tkey_gssnegotiate: TKEY is unacceptable
>
> On 12/08/2019 19:49, Joachim Lindenberg via samba wrote:
>> I installed a third DC today. Replication works find, but as systemctl status samba-ad-dc showed an error w.r.t. dnsupdate I was running samba_dnsupdate –verbose.
>>
>> Below is the output. It looks like there are some missing DNS records, but what are potential causes of this error: dns_tkey_gssnegotiate: TKEY is unacceptable
>>
>>    
>>
>> I already checked what´s listed @ https://wiki.samba.org/index.php/Dns_tkey_negotiategss:_TKEY_is_unacceptable and https://wiki.samba.org/index.php/Dns_tkey_negotiategss:_TKEY_is_unacceptable#Verifying_That_the_BIND_AD_Account_Exists_for_the_DC.
>>
>> What else?
>>
>> Thanks, Joachim
>>
> Start by reading this:
> https://wiki.samba.org/index.php/Dns_tkey_negotiategss:_TKEY_is_unacceptable
>
> Rowland
>
>
>
OK, try the update over RPC, add this to smb.conf on the new DC:

dns update command = /usr/sbin/samba_dnsupdate --use-samba-tool

restart Samba and see what happens.

Rowland



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba




More information about the samba mailing list