[Samba] Samba DNS Accounts

Rowland penny rpenny at samba.org
Thu Feb 4 17:36:36 UTC 2021

On 04/02/2021 17:19, Bo Kersey wrote:
> Nothing is updating samba DNS....
> dns_tkey_gssnegotiate: TKEY is unacceptable
> the SPN name in the dns-dc01 record does not match any of the entries in klist -k /var/lib/samba/bind-dns/dns.keytab
I will go and have my eyes tested, I completely missed that it started 
with 'dns'.

This is the DNS service account for a DC when it is using BIND9_DLZ and 
its DN should be: CN=dns-ad01,CN=Users,DC=samdom,DC=example,DC=com

That is if 'ad01' is one of your Samba AD DC's.

If it isn't a DC, then is 'dns-ad01' a computer hostname ?


More information about the samba mailing list