[Samba] dns_tkey_negotiategss: TKEY is unacceptable
Rowland penny
rpenny at samba.org
Wed Oct 23 15:32:27 UTC 2019
On 23/10/2019 15:29, Roy Eastwood via samba wrote:
> I found another reason for this error: dns_tkey_negotiategss: TKEY is unacceptable
>
> After much head scratching it was due to the Apparmour configuration recommended in the WiKi at:
> https://wiki.samba.org/index.php/BIND9_DLZ_AppArmor_and_SELinux_Integration
>
> The section for Apparmor which recommends adding lines to /etc/apparmor.d/local/usr.sbin.named, I had to change the line:
> from:
> /usr/local/samba/private/dns.keytab r,
>
> to:
>
> /usr/local/samba/private/dns.keytab rk,
>
> ie add the 'k' to allow file to be locked.
>
> Once I did that dns updates worked correctly.
>
> Also the above WiKi page needs to be updated to reflect the change of location of these files for later samba versions: ie
> /usr/local/samba/bind-dns/*.* etc.
>
> Hopefully this will help others with this error.
>
> Regards,
> Roy
>
>
>
>
Wiki updated, thanks for pointing this out ;-)
Rowland
More information about the samba
mailing list