[Samba] Samba DNS Accounts

Bo Kersey bo at vircio.com
Thu Feb 4 18:58:36 UTC 2021 

OK...  The problem is that I'm getting 
dns_tkey_gssnegotiate: TKEY is unacceptable 

and for some reason the dns- user account that controls this is being created as dns-ad01.samdom.example.com instead of dns-ad01
All of my other networks dns-hostname and they work.  This network creates the account as dns-fqdn and that is not working....

from samba_upgradedns

        # Check if dns-HOSTNAME account exists and create it if required
        secrets_msgs = ldbs.secrets.search(expression='(samAccountName=dns-%s)' % hostname, attrs=['secret'])
        msg = ldbs.sam.search(base=domaindn, scope=ldb.SCOPE_DEFAULT,
                              expression='(sAMAccountName=dns-%s)' % (hostname),
                              attrs=[])

hostname is coming out as dns-ad01.samdom.example.com instead of dns-ad01





Bo Kersey 
VirCIO - managed network solutions 
4314 Avenue C 
Austin, TX 78751 
phone: (512)374-0500 

In theory there is no difference between theory and practice.  In practice, there is.

----- Original Message -----
> From: "samba" <samba at lists.samba.org>
> To: "samba" <samba at lists.samba.org>
> Sent: Thursday, February 4, 2021 12:46:10 PM
> Subject: Re: [Samba] Samba DNS Accounts

> On 04/02/2021 18:25, Bo Kersey wrote:
>> AD01 is one of the ADDCs (and a domain member) running on Linux
> 
> 
> OK, I think that means it is a Samba AD DC which is possibly being used
> as a fileserver, in which case, it is possibly samba_dnsupdate that is
> creating your record. samba_dnsupdate uses a file 'dns_update_list' to
> create missing forward zone records, the first on this list is:
> 
> A ${HOSTNAME}                                           $IP
> 
> Without checking, I am not entirely sure where it gets ${HOSTNAME} from,
> but it is likely to be the same as the output of 'hostname -s'
> 
> A way around this would be to remove the two incorrect records and
> create the correct record with samba-tool:
> 
> samba-tool dns add ad01 samdom.example.com ad01 A ipv4_address_string
> 
> Where 'ipv4_address_string' is the computers ipaddress e.g. 192.168.0.7
> 
> You should also create the DC's reverse record.
> 
> Rowland
> 
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list