Joachim Lindenberg
2020-Dec-28 17:42 UTC
[Samba] Cloned DC - was :AW: Samba 4 custom ports for DNS in 2020?
Hello Rowland, tried that. After switching DNS back and forth, there is a dns.keytab in /var/lib/samba/bind-dns, and it is readable by bind group. But I keep getting dns_tkey_gssnegotiate: TKEY is unacceptable What else can I try? Thanks, Joachim -----Urspr?ngliche Nachricht----- Von: samba <samba-bounces at lists.samba.org> Im Auftrag von Rowland penny via samba Gesendet: Monday, 28 December 2020 12:25 An: samba at lists.samba.org Betreff: Re: [Samba] Cloned DC - was :AW: Samba 4 custom ports for DNS in 2020? On 28/12/2020 10:45, Joachim Lindenberg via samba wrote:> Hope you all had a pleasant Christmas time. > Unfortunately I am still struggling with the issue below. Any suggestion? > Thanks, Joachim > >I think you may be hitting the 'dns.keytab isn't created in the correct place during a join' bug. When you join a DC to an existing domain, the code to put the dns.keytab in the bind-dns directory isn't there, it is created in the private directory. If this is your problem, you need to do one of two things, either copy the keytab from the private directory to the bind-dns directory and set the required permissions or run 'samba_upgradedns' followed by 'samba_upgradedns --dns-backend=BIND9_DLZ', the latter method will copy the keytab for you. Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Rowland penny
2020-Dec-28 17:49 UTC
[Samba] Cloned DC - was :AW: Samba 4 custom ports for DNS in 2020?
On 28/12/2020 17:42, Joachim Lindenberg via samba wrote:> Hello Rowland, > tried that. After switching DNS back and forth, there is a dns.keytab in /var/lib/samba/bind-dns, and it is readable by bind group. But I keep getting dns_tkey_gssnegotiate: TKEY is unacceptable > What else can I try?Does the DC point to itself as its first nameserver in /etc/resolv.conf ? Note: its IP, not 127.0.0.1 Rowland