[Samba] dns_tkey_gssnegotiate: TKEY is unacceptable

L.P.H. van Belle belle at bazuin.nl
Tue Jul 7 10:57:58 UTC 2020 

Hai, 

Well, i know you did read it already but it its : 
https://wiki.samba.org/index.php/Dns_tkey_negotiategss:_TKEY_is_unacceptable 

Can you show. 
klist -ket /var/lib/samba/bind-dns/dns.keytab 

And, which might be more handy. 
Run this on both servers, i think you missed a stop and compairing the output of both DC1 and DC2 might help in whats wrong here. 

https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh 

Anonymize where needed. 


Greetz, 

Louis



> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Robert E. Wooden via samba
> Verzonden: maandag 6 juli 2020 19:41
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] dns_tkey_gssnegotiate: TKEY is unacceptable
> 
> On 7/6/2020 11:25 AM, Rowland penny via samba wrote:
> > You do not require anything else!
> >
> > Rowland
> >
> Thanks for remembering me and remembering my previous post that I 
> admitted having a DC that was built with standard Debian 
> Buster packages 
> (4.9.16?) and upon starting the computer, I discover my error and 
> installed Louis' repo and upgrade to 4.12.3. That upgrade 
> seemed to work 
> fine. After (with Rowland's help) the ".../bind-dns/dns.keytab" 
> reference error in "/etc/bind/named.conf.options" file was 
> discoverd, at 
> that time all the "nslookup" and "dig" returned proper 
> answer. (Please 
> someone make a note to, in the future, move everything into 
> ".../bind-dns/" and empty the ".../private/" directory.
> 
> I realized that I have problems with DC01 and the fact that I 
> would be 
> replacing it soon with newer hardware, when that newer 
> hardware arrived, 
> I built both carefully, in the same manner (previously tested 
> on several 
> VM's first) implementing Louis' repo from the beginning and 
> installing 
> 4.12.3.
> 
> And DC1 (built first) machine did not create the 
> ".../bind-dns/dns.keytab" file and DC2 (built after DC1) did 
> create that 
> file. (Identical hardware on both.)
> 
> Rowland, I do not want to take anymore of your time for this, 
> but I seen 
> Louis is back and I am wondering his thoughts, as I (for the 
> most part) 
> followed his instructions to build.
> 
> Louis, any thoughts?
> 
> -- 
> 
> Bob Wooden
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>

More information about the samba mailing list