[Samba] Cloned DC - was :AW: Samba 4 custom ports for DNS in 2020?

Joachim Lindenberg samba at lindenberg.one
Mon Dec 28 17:42:03 UTC 2020

Hello Rowland,
Tried that. After switching DNS back and forth, there is a dns.keytab in /var/lib/samba/bind-dns, and it is readable by the bind group. But I keep getting "dns_tkey_gssnegotiate: TKEY is unacceptable".
What else can I try?
Thanks, Joachim

-----Original Message-----
From: samba <samba-bounces at lists.samba.org> On Behalf Of Rowland Penny via samba
Sent: Monday, 28 December 2020 12:25
To: samba at lists.samba.org
Subject: Re: [Samba] Cloned DC - was :AW: Samba 4 custom ports for DNS in 2020?

On 28/12/2020 10:45, Joachim Lindenberg via samba wrote:
> Hope you all had a pleasant Christmas time.
> Unfortunately I am still struggling with the issue below. Any suggestion?
> Thanks, Joachim
I think you may be hitting the 'dns.keytab isn't created in the correct place during a join' bug.

When you join a DC to an existing domain, the code to put the dns.keytab in the bind-dns directory isn't there; it is created in the private directory.

If this is your problem, you need to do one of two things: either copy the keytab from the private directory to the bind-dns directory and set the required permissions, or run 'samba_upgradedns' followed by 'samba_upgradedns --dns-backend=BIND9_DLZ'. The latter method will copy the keytab for you.
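
As an added example (not part of the original thread and not Samba's own tooling), this shell check reports which side of the keytab placement problem described above a DC is on. The private directory path passed as the first argument, and the policy that the keytab should be group-readable but closed to other users, are assumptions; `/var/lib/samba/bind-dns` is the path from the thread.

```shell
#!/bin/sh
# Added example: diagnose dns.keytab placement and file mode on a joined DC.
# Usage: check_dns_keytab PRIVATE_DIR BIND_DNS_DIR
#   e.g. check_dns_keytab /var/lib/samba/private /var/lib/samba/bind-dns
#   (the private directory path is an assumption; adjust to your build)
# Prints one status word and returns 0 only for "ok":
#   ok                  keytab in bind-dns dir, group-readable, closed to others
#   only-in-private     keytab exists only in the private dir (the join bug)
#   missing             no keytab in either directory
#   not-group-readable  the group BIND runs under cannot read the keytab
#   world-accessible    users outside owner/group have access to the Kerberos keys
check_dns_keytab() {
    private_kt="$1/dns.keytab"
    bind_kt="$2/dns.keytab"

    if [ ! -f "$bind_kt" ]; then
        if [ -f "$private_kt" ]; then
            echo only-in-private
        else
            echo missing
        fi
        return 1
    fi

    # GNU stat prints the octal mode, e.g. 640; split off group and other digits.
    mode=$(stat -c '%a' "$bind_kt")
    other=$((mode % 10))
    group=$(( (mode / 10) % 10 ))

    if [ "$other" -ne 0 ]; then
        echo world-accessible
        return 1
    fi
    if [ $((group & 4)) -eq 0 ]; then
        echo not-group-readable
        return 1
    fi
    echo ok
}

# Run the check only when both directories are given on the command line.
if [ "$#" -eq 2 ]; then
    check_dns_keytab "$1" "$2"
fi
```

A result of `ok` only confirms placement and mode; it does not rule out other causes of the TKEY error reported at the top of the thread.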
