[Samba] SPNEGO cannot find mechanisms to negotiate

Matthias Kühne | Ellerhold AG matthias.kuehne at ellerhold.de
Thu Oct 27 06:05:50 UTC 2022 

Hello Samba people,

we've recently upgraded our debian bullseye AD-DCs from 4.15 (louis 
repo) to 4.16 (backports). We're using the BIND_DLZ with Bind 9.16.33. 
Somehow the samba_dnsupdate broke. We're running 
"/usr/sbin/samba_dnsupdate --all-names" every hour (is this even 
recommended?). In pre 4.16 this works correctly.

Now this error is printed:

"tkey query failed: GSSAPI error: Major = Unspecified GSS failure.  
Minor code may provide more information, Minor = SPNEGO cannot find 
mechanisms to negotiate." (28 times to be exact).

Just calling samba_dnsupdate without --all-names doesnt print anything. 
Using --all-names and --use-samba-tool leads to this error message:

"ERROR: Record already exists; record could not be added. 
zone[ad.ellerhold.lan] name[rad-2]" (28 times to be exact).

Does this mean everything is already correct and hes still trying to add 
new records?

Is it necessary to call the samba_dnsupdate with --all-names hourly? 
I've read somewhere to do this to fix some weird problems. Or any other 
combination of the switches (--all-names and --use-samba-tool) 
samba_dnsupdate?

Any advice would be much appreciated.

Have a nice day, Matthias Kühne.

-- 
Matthias Kühne
Senior Webentwickler
Datenschutzbeauftragter

Ellerhold Aktiengesellschaft
Friedrich-List-Str. 4
01445 Radebeul

Telefon: +49 (0) 351 83933-61
Telefax: +49 (0) 351 83933-99

Web     www.ellerhold.de
Twitter www.twitter.com/Ellerhold_AG
Youtube www.youtube.com/user/ellerholdgruppe

Amtsgericht Dresden / HRB 23769
Vorstand: Stephan Ellerhold, Maximilian Ellerhold
Vorsitzender des Aufsichtsrates: Frank Ellerhold



---Diese E-Mail und Ihre Anlagen enthalten vertrauliche Mitteilungen. Sollten Sie nicht der beabsichtigte Adressat sein, so bitten wir Sie um Mitteilung und um sofortiges löschen dieser E-Mail und der Anlagen.

Unsere Hinweise zum Datenschutz finden Sie hier: http://www.ellerhold.de/datenschutz/

This e-mail and its attachments are privileged and confidential. If you are not the intended recipient, please notify us and immediately delete this e-mail and its attachments.

You can find our privacy policy here: http://www.ellerhold.de/datenschutz/

More information about the samba mailing list