[Samba] Dns tkey negotiategss: TKEY is unacceptable - potential fix included

rme at bluemail.ch rme at bluemail.ch
Wed Sep 28 11:27:35 UTC 2022

 > What version of Samba are you using ?

I am on latest gentoo ebuild version 4.16.4 currently.

 > However it looks like you are correct, there is code to create the
 > 'dns-host' user, even if it may be incorrect, there is code to create
 > the dnsadmins group, but there doesn't seem to be code to add the user
 > to the group.

Well I have included the description as packages of distributions might 
differ. So line numbering might be different too. Not sure which 
modifications are applied by Gentoo. However I found many reports across 
the internet facing the same problems and instructions on 
not working. So I am quite sure others face the same problem as well. So 
they do get a non-working "dns-host.DOMAIN.tld" user created instead  of 
"dns-host" and it fails to be added to the right security group.

Sure it's possible I am the only one with this specific problem but at 
least the Gentoo Python code seems to suffer from some upper/lowercase 
matching flaws. If this is not an upstream problem I am happy to report 
this to Gentoo package maintainers. However I expected those Python 
modules to be maintained upstream as also the samba_upgradedns tool is 
not introduced by Gentoo but actually part of Samba 4.

Moreover I believe this should be pretty simple to fix.

Correct me if I am wrong here.

best regards,

More information about the samba mailing list