[Samba] dns_tkey_gssnegotiate: TKEY is unacceptable

Rowland Penny rpenny at samba.org
Tue Jan 8 09:02:07 UTC 2019 

On Mon, 7 Jan 2019 23:02:17 +0000 (UTC)
Billy Bob <billysbobs at yahoo.com> wrote:

> Okay, because you are not wrong ...
> One more time before I move forward with this.
> The smb.conf is now:
> 
> # Global parameters
> [global]
>         bind interfaces only = Yes
>         interfaces = lo eno1
>         netbios name = DC01
>         realm = CORP.<DOMAIN>.COM
>         server role = active directory domain controller
>         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> drepl, winbindd, ntp_signd, kcc, dnsupdate workgroup = CORP
>         idmap_ldb:use rfc2307 = yes
>         dns update command = /usr/local/samba/sbin/samba_dnsupdate
> --use-samba-tool[netlogon] path
> = /usr/local/samba/var/locks/sysvol/corp.<DOMAIN>.com/scripts read
> only = No[sysvol] path = /usr/local/samba/var/locks/sysvol
>         read only = No
> 
> 
> Running:
> 
> # samba_dnsupdate --use-samba-tool --verbose --all-names
> 
> returns:
> 
> IPs: ['172.20.10.130']
> force update: A dc01.corp.<DOMAIN>.com 172.20.10.130
>  * * * * *
> force update: SRV
> _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.corp.<DOMAIN>.com
> dc01.corp.<DOMAIN>.com 389 29 DNS updates and 0 DNS deletes needed
> Successfully obtained Kerberos ticket to DNS/dc01.corp.<DOMAIN>.com
> as DC01$ update (samba-tool): A dc01.corp.<DOMAIN>.com 172.20.10.130
> Calling samba-tool dns for A dc01.corp.<DOMAIN>.com 172.20.10.130
> (add) Calling samba-tool dns add -k no -P ['172.20.10.130',
> 'corp.<DOMAIN>.com', 'dc01', 'A', '172.20.10.130'] ERROR(runtime):
> uncaught exception - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
> File
> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
> line 177, in _run return self.run(*args, **kwargs) File
> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/dns.py",
> line 945, in run raise e Failed 'samba-tool dns' based update of A
> dc01.corp.<DOMAIN>.com 172.20.10.130
>  * * * * *
> Failed update of 29 entries
> 
> ... and we are all good with that?

Yes, because it isn't really failing, the record already exists, so it
cannot and does not need to create it, but it is being treated as a
failure.

Rowland

More information about the samba mailing list