[Samba] dnsupdate failed with TKEY is unacceptable

Rowland penny rpenny at samba.org
Wed Nov 18 18:34:29 UTC 2020


On 18/11/2020 17:34, Rommel Rodriguez Toirac via samba wrote:
>   
> In my network I have a samba 4.11.4 as Active Directory Domain Controller installed in CentOS 7 (gtmad.gtm.onat.gob.cu - 192.168.41.17). I have recently installed samba 4.13.2 in CentOS 8 (gtmad1.gtm.onat.gob.cu - 192.168.41.18) and following the wiki.samba.org guide I have joined it as a domain controller to my network.

Have you compiled Samba yourself?

>    When I check the local DNS service I get the following:
> # host -t A gtm.onat.gob.cu localhost
> Using domain server:
> Name: localhost
> Address: 127.0.0.1#53
> Aliases:
> gtm.onat.gob.cu has address 192.168.41.17
>    (It only resolves the IP of the samba 4.11.4 AD-DC, not its own as well; I do not know if this is a problem)
>    
>    
>    When I check the status of the named.service service it seems that everything is fine:
> # systemctl status named.service -l
>
>            └─18541 /usr/sbin/named -u named -c /etc/named.conf
> nov 18 12:02:02 gtmad1.gtm.onat.gob.cu named[18541]: configuring command channel from '/etc/rndc.key'
> nov 18 12:02:02 gtmad1.gtm.onat.gob.cu named[18541]: command channel listening on 127.0.0.1#953
> nov 18 12:02:02 gtmad1.gtm.onat.gob.cu named[18541]: configuring command channel from '/etc/rndc.key'
> nov 18 12:02:02 gtmad1.gtm.onat.gob.cu named[18541]: command channel listening on ::1#953
> nov 18 12:02:02 gtmad1.gtm.onat.gob.cu named[18541]: managed-keys-zone: loaded serial 0
> nov 18 12:02:02 gtmad1.gtm.onat.gob.cu named[18541]: zone 0.0.127.in-addr.arpa/IN: loaded serial 2013050101
> nov 18 12:02:02 gtmad1.gtm.onat.gob.cu named[18541]: zone localhost/IN: loaded serial 2013050101
> nov 18 12:02:02 gtmad1.gtm.onat.gob.cu named[18541]: all zones loaded
> nov 18 12:02:02 gtmad1.gtm.onat.gob.cu named[18541]: running
> nov 18 12:02:02 gtmad1.gtm.onat.gob.cu systemd[1]: Started Berkeley Internet Name Domain (DNS).

It doesn't look like bind can find the DNS zones in AD, so can you post
your named.conf and smb.conf?

Rowland
