[Samba] Samba DNS Accounts

Thu Feb 4 19:44:10 UTC 2021

On 04/02/2021 18:58, Bo Kersey wrote:
> OK...  The problem is that I'm getting
> dns_tkey_gssnegotiate: TKEY is unacceptable

Is the DC using itself as its nameserver in /etc/resolv.conf ?

>
> and for some reason the dns- user account that controls this is being created as dns-ad01.samdom.example.com instead of dns-ad01

'dns-ad01' is a username used by BIND9_DLZ, it is not a hostname

> All of my other networks dns-hostname and they work.  This network creates the account as dns-fqdn and that is not working....
>
> from samba_upgradedns
>
>          # Check if dns-HOSTNAME account exists and create it if required
>          secrets_msgs = ldbs.secrets.search(expression='(samAccountName=dns-%s)' % hostname, attrs=['secret'])
>          msg = ldbs.sam.search(base=domaindn, scope=ldb.SCOPE_DEFAULT,
>                                expression='(sAMAccountName=dns-%s)' % (hostname),
>                                attrs=[])
>
> hostname is coming out as dns-ad01.samdom.example.com instead of dns-ad01

I am getting confused, are we talking about a dns record or an account ?

If 'hostname -s', when run in a terminal, is producing the FQDN, then 
your hostname is not set up correctly (is this on a red-hat distro ?)

Rowland