[Samba] dns_tkey_gssnegotiate: TKEY is unacceptable

L.P.H. van Belle belle at bazuin.nl
Fri Jul 3 14:38:10 UTC 2020


Stop samba
Move the bind content to the bind-dns folder 

/var/lib/samba/bind-dns# ls -al
total 28
drwxrwx---  3 root bind 4096 May 25 14:16 .
drwxr-xr-x 10 root root 4096 Jun 29 07:47 ..
drwxrwx---  3 root bind 4096 Aug  7  2019 dns
-rw-r-----  2 root bind  877 Aug  7  2019 dns.keytab
-rw-r--r--  1 root root  883 Aug  7  2019 named.conf
-r--r--r--  1 root root  312 Aug  7  2019 named.conf.update
-rw-r--r--  1 root root 2092 Aug  7  2019 named.txt

Adjust : named.conf.local
/ adding the dlopen ( Bind DLZ ) module for samba. 
include "/var/lib/samba/bind-dns/named.conf";

I think that was it. 
Verify rights on files and folders but if you move it should be the same. 

Start samba, check again, ow wait.. .. 

/etc/resolv.conf
nameserver 127.0.0.1	< and change that one to the server its OWN ip , not localhost. 
nameserver 192.168.16.52
search ad.samdom.example.com

Clear logs, Reboot, check again. 

Did that work?


Greetz, 

Louis


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Robert E. Wooden via samba
> Verzonden: vrijdag 3 juli 2020 16:25
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] dns_tkey_gssnegotiate: TKEY is unacceptable
> Urgentie: Hoog
> 
> On 7/3/2020 9:15 AM, Rowland penny via samba wrote:
> > No, might as well tell you now, it's relevant. Samba moved 
> the keytab 
> > to the 'bind-dns' directory sometime ago, so you should be 
> using the 
> > keytab in the bind-dns directory, which will mean altering the 
> > named.conf files if you are using Bind9
> 
> Yes, I saw that during setup. I had to "think thru" Louis' 
> instructions, 
> to test, locate and make sure I was using the correct 
> "dns.keytab" for 
> the BIND9_DLZ setup.
> 
> >
> > Depends, are you actually using the correct keytab ?
> >
> > Rowland
> >
> Apparently, I missed this. So, I am not sure what to change 
> to correct?
> 
> Any explanation you could provide would clarify this for me?
> 
> (FYI, Debian 10 with Samba 4.12.3)
> 
> -- 
> 
> Bob Wooden
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
> 




More information about the samba mailing list