[Samba] dns_tkey_gssnegotiate: TKEY is unacceptable

Rowland penny rpenny at samba.org
Mon Jul 6 16:25:36 UTC 2020

On 06/07/2020 16:05, Robert E. Wooden via samba wrote:
> Why has one installation not created a ".../bind-dns/dns.keytab" file 
> and yet the other has?
> I followed the same "steps" during installation on both.
I am coming to the conclusion that if you upgrade from one major Samba 
version to another, then upgrading in place isn't really a good idea. I 
would demote the original DC and either reinstall the OS or at the very 
least totally remove Samba. Then install the new major Samba release and 
rejoin as a DC.

Each DC should use its own ipaddress for its first nameserver and each 
DC should use this /etc/krb5.conf file:

     default_realm = SUBDOM.EXAMPLE.COM
     dns_lookup_kdc = true
     dns_lookup_realm = false

You do not require anything else!


More information about the samba mailing list