[Samba] Fixing dns_tkey_gssnegotiate: TKEY is unacceptable but stuck on check_spn_alias_collision

Matthew Schumacher matt.s at aptalaska.net
Wed Aug 10 16:29:23 UTC 2022

On 8/9/22 12:01 AM, L. van Belle via samba wrote:
> stop samba winbind on this DC.
> use samba tool to remove the DC
> use samba tool remove dead server to clean more *( on DC1).
> Use any DNS manager/command to remove any A or PTR record of DC2 in the DNS
> on DC1
> Remove leftovers in the "Sites in AD" *( on DC1).
> Cleanup all folders of samba.
> check it again, now only when you're 100% sure it's gone.
> rejoin. *(with  IP DC1 first in resolv.conf)
> reboot *( with IP DC1 first in resolv.conf)
> check everything...
> now, fix resolv, *( IP DC2 first in resolv.conf, then DC1 ip.)
> Reboot *( or.. use..
> samba_upgradedns --dns-backend=BIND9_DLZ && samba_upgradedns
> --dns-backend=SAMBA_INTERNAL && samba_upgradedns --dns-backend=BIND9_DLZ
> That's what I would do, but it's key everything is gone of the old server in
> the DNS on DC1.
> Seen this before and in general it took me more time to fix it than a
> re-join.
> Hope that it helps,
> greetz,
> Louis

Appreciate the help, Louis and Rowland.

Here are a few more things I tried:

Complete remove/cleanup/rejoin as above.
Compiling bind with Heimdal kerberos instead of MIT kerberos (instead of 
working, bind actually crashes with "name.c:664: require(((name1) != 
((void *)0) && ((const isc__magic_t *)(name1))->magic == ((('d') << 24 | 
('n') << 16 | ('s') << 8 | ('n'))))) failed" when samba_dnsupdate tries 
to update.)
Moving from bind 9.16 to bind 9.18

I guess I'll just give up and use:

dns update command = /usr/sbin/samba_dnsupdate --use-samba-tool

But I do think there is a bug somewhere and I'm motivated to find it.  I 
wish I could get some debugging info out of 
/usr/lib64/bind9/dlz_bind9_18.so; maybe I'll bark up that tree for a bit.

