[Samba] Fixing dns_tkey_gssnegotiate: TKEY is unacceptable but stuck on check_spn_alias_collision
matt.s at aptalaska.net
Wed Aug 17 16:11:40 UTC 2022
On 8/10/22 9:29 AM, Matthew Schumacher via samba wrote:
> Appreciate the help Louis and Rowland.
> Here are a few more things I tried:
> Complete remove/cleanup/rejoin as above.
> Compiling bind with Heimdal Kerberos instead of MIT Kerberos (instead
> of working, bind actually crashes with "name.c:664: require(((name1)
> != ((void *)0) && ((const isc__magic_t *)(name1))->magic == ((('d') <<
> 24 | ('n') << 16 | ('s') << 8 | ('n'))))) failed" when samba_dnsupdate
> tries to update.)
> Moving from bind 9.16 to bind 9.18
> I guess I'll just give up and use
> dns update command = /usr/sbin/samba_dnsupdate --use-samba-tool
> But I do think there is a bug somewhere and I'm motivated to find it.
> I wish I could get some debugging info out of
> /usr/lib64/bind9/dlz_bind9_18.so, maybe I'll bark up that tree for a bit.
So, I updated the dns update command as above in smb.conf and have been
demoting some old Windows servers, but they are not cleaning up their
DNS records when done. Does Windows use Kerberos tickets to remove DNS
records? If so, then that is a significant con to using the command
above, as other Windows machines won't be able to make DNS changes.