Robert E. Wooden
2020-Jul-03 13:39 UTC
[Samba] dns_tkey_gssnegotiate: TKEY is unacceptable
As the subject says, dns_tkey_gssnegotiate: TKEY is unacceptable.

I have internet searched for solutions.

I have done everything on /wiki.samba.org/index.php/Dns_tkey_negotiategss:_TKEY_is_unacceptable/ and I am still getting:

At the end of "root@dc01:~# samba_dnsupdate --verbose --all-names":

dns_tkey_gssnegotiate: TKEY is unacceptable
Failed nsupdate: 1
Failed update of 29 entries

root@dc01:~# klist -k -K -t /var/lib/samba/private/dns.keytab
Keytab name: FILE:/var/lib/samba/private/dns.keytab
KVNO Timestamp           Principal
---- ------------------- ------------------------------------------------------
   1 07/03/2020 06:21:27 DNS/dc01.ad.SAMDOM.EXAMPLE.COM@AD.SAMDOM.EXAMPLE.COM (0xa73c4ef2b574933b34c306b0f32b3527)
   1 07/03/2020 06:19:53 dns-dc01@AD.SAMDOM.EXAMPLE.COM (0xa73c4ef2b574933b34c306b0f32b3527)
   1 07/03/2020 06:19:53 DNS/dc01.ad.SAMDOM.EXAMPLE.COM@AD.SAMDOM.EXAMPLE.COM (0xd316c15e931088a01b5af8d4ebfab30f)
   1 07/03/2020 06:19:53 dns-dc01@AD.SAMDOM.EXAMPLE.COM (0xd316c15e931088a01b5af8d4ebfab30f)
   1 07/03/2020 06:19:53 DNS/dc01.ad.SAMDOM.EXAMPLE.COM@AD.SAMDOM.EXAMPLE.COM (0x7c8d8611291fe04e69e1007fd5f395166d920f8434a260fe79eb5f938deb3421)
   1 07/03/2020 06:19:53 dns-dc01@AD.SAMDOM.EXAMPLE.COM (0x7c8d8611291fe04e69e1007fd5f395166d920f8434a260fe79eb5f938deb3421)

root@dc01:~# ls -alh /var/lib/samba/private/dns.keytab
-rw-r----- 2 root bind 508 Jul  3 06:21 /var/lib/samba/private/dns.keytab

The keytab exists. I have deleted and re-generated it twice. And I am still receiving errors.

root@dc01:~# cat /etc/resolv.conf
nameserver 127.0.0.1
nameserver 192.168.16.52
search ad.samdom.example.com

Any suggestions would be greatly appreciated?

--
Bob Wooden
On 03/07/2020 14:39, Robert E. Wooden via samba wrote:
> As the subject says, dns_tkey_gssnegotiate: TKEY is unacceptable.
>
> I have internet searched for solutions.
>
> I have done everything on
> /wiki.samba.org/index.php/Dns_tkey_negotiategss:_TKEY_is_unacceptable/
> and I am still getting:
>
> At the end of "root@dc01:~# samba_dnsupdate --verbose --all-names":
>
> dns_tkey_gssnegotiate: TKEY is unacceptable
> Failed nsupdate: 1
> Failed update of 29 entries
>
> root@dc01:~# klist -k -K -t /var/lib/samba/private/dns.keytab
> Keytab name: FILE:/var/lib/samba/private/dns.keytab
> KVNO Timestamp           Principal
> ---- ------------------- ------------------------------------------------------
>    1 07/03/2020 06:21:27 DNS/dc01.ad.SAMDOM.EXAMPLE.COM@AD.SAMDOM.EXAMPLE.COM (0xa73c4ef2b574933b34c306b0f32b3527)
>    1 07/03/2020 06:19:53 dns-dc01@AD.SAMDOM.EXAMPLE.COM (0xa73c4ef2b574933b34c306b0f32b3527)
>    1 07/03/2020 06:19:53 DNS/dc01.ad.SAMDOM.EXAMPLE.COM@AD.SAMDOM.EXAMPLE.COM (0xd316c15e931088a01b5af8d4ebfab30f)
>    1 07/03/2020 06:19:53 dns-dc01@AD.SAMDOM.EXAMPLE.COM (0xd316c15e931088a01b5af8d4ebfab30f)
>    1 07/03/2020 06:19:53 DNS/dc01.ad.SAMDOM.EXAMPLE.COM@AD.SAMDOM.EXAMPLE.COM (0x7c8d8611291fe04e69e1007fd5f395166d920f8434a260fe79eb5f938deb3421)
>    1 07/03/2020 06:19:53 dns-dc01@AD.SAMDOM.EXAMPLE.COM (0x7c8d8611291fe04e69e1007fd5f395166d920f8434a260fe79eb5f938deb3421)
>
> root@dc01:~# ls -alh /var/lib/samba/private/dns.keytab
> -rw-r----- 2 root bind 508 Jul  3 06:21 /var/lib/samba/private/dns.keytab
>
> The keytab exists. I have deleted and re-generated it twice. And I am
> still receiving errors.
>
> root@dc01:~# cat /etc/resolv.conf
> nameserver 127.0.0.1
> nameserver 192.168.16.52
> search ad.samdom.example.com
>
> Any suggestions would be greatly appreciated?
>

Please do not use '127.0.0.1' as a nameserver, use the DC's IP address instead.

You might be looking at the wrong keytab, do you have:

/var/lib/samba/bind-dns/dns.keytab

Rowland
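
The two checks from Rowland's reply, written as a small shell script. This is an added example, not part of the thread: the function names are hypothetical, the paths are the ones quoted in the messages, and the hard-link test is included because the `ls` output in the original post shows a link count of 2 on private/dns.keytab.

```sh
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical;
# the keytab paths are the two quoted in the messages.

# Print every loopback nameserver listed in a resolv.conf-style file ($1).
loopback_nameservers() {
    [ -r "$1" ] || return 0
    awk '$1 == "nameserver" && ($2 ~ /^127\./ || $2 == "::1") { print $2 }' "$1"
}

# Compare two keytab paths and print one word:
#   missing   - at least one path is not a regular file
#   same-file - both names are hard links to one inode
#   same-data - separate files with identical bytes
#   differ    - separate files with different bytes
keytab_relation() {
    if [ ! -f "$1" ] || [ ! -f "$2" ]; then echo missing
    elif [ "$1" -ef "$2" ]; then echo same-file
    elif cmp -s "$1" "$2"; then echo same-data
    else echo differ
    fi
}

# Run both checks: $1 = resolv.conf path, $2 = Samba state directory.
precheck() {
    lo=$(loopback_nameservers "$1")
    [ -z "$lo" ] || echo "loopback nameserver in $1: $lo"
    rel=$(keytab_relation "$2/private/dns.keytab" "$2/bind-dns/dns.keytab")
    echo "private/dns.keytab vs bind-dns/dns.keytab: $rel"
}

# Usage: sh precheck.sh /etc/resolv.conf /var/lib/samba
if [ "$#" -eq 2 ]; then precheck "$1" "$2"; fi
```

A result of `differ` means the keytab that was deleted and re-generated is not the same file as the one at the other path, so inspecting one with `klist` says nothing about the other.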
Robert E. Wooden
2020-Jul-03 14:07 UTC
[Samba] dns_tkey_gssnegotiate: TKEY is unacceptable
On 7/3/2020 8:58 AM, Rowland penny via samba wrote:
> Please do not use '127.0.0.1' as a nameserver, use the DC's IP address
> instead.

I have corrected this as you have suggested.

>
> You might be looking at the wrong keytab, do you have:
>
> /var/lib/samba/bind-dns/dns.keytab
>
> Rowland
>

Yes, I do (why two dns.keytab . . . a question for later) have /var/lib/samba/bind-dns/dns.keytab. Delete and re-generate that one?

--
Bob Wooden