[Samba] dns_tkey_gssnegotiate: TKEY is unacceptable
Rowland penny
rpenny at samba.org
Fri Jul 3 13:58:27 UTC 2020
On 03/07/2020 14:39, Robert E. Wooden via samba wrote:
> As the subject says, dns_tkey_gssnegotiate: TKEY is unacceptable.
>
> I have internet searched for solutions.
>
> I have done everything on
> /wiki.samba.org/index.php/Dns_tkey_negotiategss:_TKEY_is_unacceptable/
> and I am still getting:
>
> At the end of "root at dc01:~# samba_dnsupdate --verbose --all-names":
>
> dns_tkey_gssnegotiate: TKEY is unacceptable
> Failed nsupdate: 1
> Failed update of 29 entries
>
> root at dc01:~# klist -k -K -t /var/lib/samba/private/dns.keytab
> Keytab name: FILE:/var/lib/samba/private/dns.keytab
> KVNO Timestamp Principal
> ---- -------------------
> ------------------------------------------------------
> 1 07/03/2020 06:21:27
> DNS/dc01.ad.SAMDOM.EXAMPLE.COM at AD.SAMDOM.EXAMPLE.COM
> (0xa73c4ef2b574933b34c306b0f32b3527)
> 1 07/03/2020 06:19:53 dns-dc01 at AD.SAMDOM.EXAMPLE.COM
> (0xa73c4ef2b574933b34c306b0f32b3527)
> 1 07/03/2020 06:19:53
> DNS/dc01.ad.SAMDOM.EXAMPLE.COM at AD.SAMDOM.EXAMPLE.COM
> (0xd316c15e931088a01b5af8d4ebfab30f)
> 1 07/03/2020 06:19:53 dns-dc01 at AD.SAMDOM.EXAMPLE.COM
> (0xd316c15e931088a01b5af8d4ebfab30f)
> 1 07/03/2020 06:19:53
> DNS/dc01.ad.SAMDOM.EXAMPLE.COM at AD.SAMDOM.EXAMPLE.COM
> (0x7c8d8611291fe04e69e1007fd5f395166d920f8434a260fe79eb5f938deb3421)
> 1 07/03/2020 06:19:53 dns-dc01 at AD.SAMDOM.EXAMPLE.COM
> (0x7c8d8611291fe04e69e1007fd5f395166d920f8434a260fe79eb5f938deb3421)
>
> root at dc01:~# ls -alh /var/lib/samba/private/dns.keytab
> -rw-r----- 2 root bind 508 Jul 3 06:21 /var/lib/samba/private/dns.keytab
>
> The keytab exists. I have delete and re-generated it twice. And I am
> still receiving errors.
>
> root at dc01:~# cat /etc/resolv.conf
> nameserver 127.0.0.1
> nameserver 192.168.16.52
> search ad.samdom.example.com
>
> Any suggestions would be greatly appreciated?
>
Please do not use '127.0.0.1' as a nameserver, use the DC's ipaddress
instead.
You might be looking at the wrong keytab, do you have:
/var/lib/samba/bind-dns/dns.keytab
Rowland
More information about the samba
mailing list