[Samba] dns_tkey_negotiategss: TKEY is unacceptable

Roy Eastwood spindles7 at gmail.com
Wed Oct 23 14:29:07 UTC 2019


I found another reason for this error: dns_tkey_negotiategss: TKEY is unacceptable

After much head scratching, it was due to the AppArmor configuration recommended in the wiki at:
https://wiki.samba.org/index.php/BIND9_DLZ_AppArmor_and_SELinux_Integration

In the section for AppArmor, which recommends adding lines to /etc/apparmor.d/local/usr.sbin.named, I had to change the line
from:
	/usr/local/samba/private/dns.keytab r,

to:

	/usr/local/samba/private/dns.keytab rk,

i.e. add the 'k' to allow the file to be locked.

Once I did that, DNS updates worked correctly.

Also, the above wiki page needs to be updated to reflect the change of location of these files for later Samba versions, i.e.
/usr/local/samba/bind-dns/*.* etc.

Hopefully this will help others with this error.

Regards,
Roy
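
One way to confirm this kind of cause from the logs, as an added example that is not part of the original post: the script below collects the permission letters AppArmor denied to the named profile and compares them with a profile rule. The log lines are constructed samples, and the profile name `/usr/sbin/named` and the `file_lock` denial entries are assumptions about what such a system would log.

```python
import re
from collections import defaultdict

# Constructed sample kernel audit lines (not taken from the original post).
SAMPLE_LOG = """\
Oct 23 14:01:12 dc1 kernel: audit: type=1400 audit(1571839272.101:88): apparmor="DENIED" operation="file_lock" profile="/usr/sbin/named" name="/usr/local/samba/private/dns.keytab" pid=2211 comm="named" requested_mask="k" denied_mask="k" fsuid=107 ouid=0
Oct 23 14:01:13 dc1 kernel: audit: type=1400 audit(1571839273.412:89): apparmor="ALLOWED" operation="open" profile="/usr/sbin/cupsd" name="/etc/cups/printers.conf" pid=900 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Oct 23 14:02:40 dc1 kernel: audit: type=1400 audit(1571839360.007:93): apparmor="DENIED" operation="file_lock" profile="/usr/sbin/named" name="/usr/local/samba/private/dns.keytab" pid=2211 comm="named" requested_mask="k" denied_mask="k" fsuid=107 ouid=0
"""

# AppArmor audit records are key="value" pairs; pull them all out per line.
KV = re.compile(r'(\w+)="([^"]*)"')

def denied_masks(log_text, profile="/usr/sbin/named"):
    """Map each file path to the set of permission letters AppArmor denied."""
    denied = defaultdict(set)
    for line in log_text.splitlines():
        fields = dict(KV.findall(line))
        # Only real denials for the profile of interest (assumed name).
        if fields.get("apparmor") != "DENIED" or fields.get("profile") != profile:
            continue
        if "name" in fields:
            # denied_mask may hold several letters, e.g. "wk"; add each one.
            denied[fields["name"]].update(fields.get("denied_mask", ""))
    return dict(denied)

def missing_from_rule(rule_line, denied):
    """Return denied letters not granted by a profile rule like '<path> r,'."""
    path, perms = rule_line.strip().rstrip(",").split()
    return sorted(denied.get(path, set()) - set(perms))

if __name__ == "__main__":
    d = denied_masks(SAMPLE_LOG)
    for rule in ("/usr/local/samba/private/dns.keytab r,",
                 "/usr/local/samba/private/dns.keytab rk,"):
        print(rule, "-> missing:", missing_from_rule(rule, d) or "none")
```

Run against the real kernel log or audit log instead of `SAMPLE_LOG`, this shows which letters the local profile rule still lacks before editing it.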