[Samba] dns_tkey_gssnegotiate: TKEY is unacceptable
rpenny at samba.org
Mon Jul 6 16:25:36 UTC 2020
On 06/07/2020 16:05, Robert E. Wooden via samba wrote:
> Why has one installation not created a ".../bind-dns/dns.keytab" file
> and yet the other has?
> I followed the same "steps" during installation on both.
I am coming to the conclusion that if you upgrade from one major Samba
version to another, then upgrading in place isn't really a good idea. I
would demote the original DC and either reinstall the OS or at the very
least totally remove Samba. Then install the new major Samba release and
rejoin as a DC.
Each DC should use its own ipaddress for its first nameserver and each
DC should use this /etc/krb5.conf file:
default_realm = SUBDOM.EXAMPLE.COM
dns_lookup_kdc = true
dns_lookup_realm = false
You do not require anything else!
More information about the samba