[Samba] Dns tkey negotiategss: TKEY is unacceptable - potential fix included
rme at bluemail.ch
rme at bluemail.ch
Wed Sep 28 11:27:35 UTC 2022
> What version of Samba are you using ?
I am on latest gentoo ebuild version 4.16.4 currently.
> However it looks like you are correct, there is code to create the
> 'dns-host' user, even if it may be incorrect, there is code to create
> the dnsadmins group, but there doesn't seem to be code to add the user
> to the group.
Well I have included the description as packages of distributions might
differ. So line numbering might be different too. Not sure which
modifications are applied by Gentoo. However I found many reports across
the internet facing the same problems and instructions on
<https://wiki.samba.org/index.php/Dns_tkey_negotiategss:_TKEY_is_unacceptable>
not working. So I am quite sure others face the same problem as well. So
they do get a non-working "dns-host.DOMAIN.tld" user created instead of
"dns-host" and it fails to be added to the right security group.
Sure it's possible I am the only one with this specific problem but at
least the Gentoo Python code seems to suffer from some upper/lowercase
matching flaws. If this is not an upstream problem I am happy to report
this to Gentoo package maintainers. However I expected those Python
modules to be maintained upstream as also the samba_upgradedns tool is
not introduced by Gentoo but actually part of Samba 4.
Moreover I believe this should be pretty simple to fix.
Correct me if I am wrong here.
best regards,
Rainer
More information about the samba
mailing list