Followed all the howto instructions and when this runs I get the following:
(with debug on)
[root at quigonn named]# /usr/local/samba/sbin/samba_dnsupdate -d 200
/usr/local/samba/lib/python2.4/site-packages/samba/__init__.py:44:
RuntimeWarning: Python C API version mismatch for module ldb: This Python has
API version 1013, module ldb has version 1012.
import ldb
/usr/local/samba/lib/python2.4/site-packages/samba/__init__.py:45:
RuntimeWarning: Python C API version mismatch for module _ldb: This Python has
API version 1013, module _ldb has version 1012.
from samba._ldb import Ldb as _Ldb
/usr/local/samba/lib/python2.4/site-packages/samba/__init__.py:324:
RuntimeWarning: Python C API version mismatch for module _glue: This Python has
API version 1013, module _glue has version 1012.
import _glue
/usr/local/samba/lib/python2.4/site-packages/samba/getopt.py:23: RuntimeWarning:
Python C API version mismatch for module credentials: This Python has API
version 1013, module credentials has version 1012.
from credentials import Credentials, DONT_USE_KERBEROS, MUST_USE_KERBEROS
/usr/local/samba/lib/python2.4/site-packages/samba/samdb.py:26: RuntimeWarning:
Python C API version mismatch for module dsdb: This Python has API version 1013,
module dsdb has version 1012.
import dsdb
/usr/local/samba/sbin/samba_dnsupdate:37: RuntimeWarning: Python C API version
mismatch for module auth: This Python has API version 1013, module auth has
version 1012.
from samba.auth import system_session
/usr/local/samba/lib/python2.4/site-packages/samba/getopt.py:32: RuntimeWarning:
Python C API version mismatch for module param: This Python has API version
1013, module param has version 1012.
import os, param
lp_load: refreshing parameters from /usr/local/samba/etc/smb.conf
params.c:pm_process() - Processing configuration file
"/usr/local/samba/etc/smb.conf"
Processing section "[globals]"
Processing section "[netlogon]"
Processing section "[sysvol]"
Processing section "[profiles]"
pm_process() returned Yes
adding hidden service IPC$
adding hidden service ADMIN$
added interface ip=192.168.1.5 nmask=255.255.255.0
Initialising global parameters
lp_load: refreshing parameters from /usr/local/samba/etc/smb.conf
params.c:pm_process() - Processing configuration file
"/usr/local/samba/etc/smb.conf"
Processing section "[globals]"
Processing section "[netlogon]"
Processing section "[sysvol]"
Processing section "[profiles]"
pm_process() returned Yes
adding hidden service IPC$
adding hidden service ADMIN$
lp_servicenumber: couldn't find ldb
AUTH backend 'sam' registered
AUTH backend 'sam_ignoredomain' registered
AUTH backend 'anonymous' registered
AUTH backend 'server' registered
AUTH backend 'winbind_samba3' registered
AUTH backend 'winbind' registered
AUTH backend 'winbind_wbclient' registered
AUTH backend 'name_to_ntstatus' registered
AUTH backend 'fixed_challenge' registered
AUTH backend 'unix' registered
schema_fsmo_init: we are master: yes
ldb: ldb_trace_request: SEARCH
dn: @MODULES
scope: base
expr: (@LIST=*)
attr: @LIST
control: <NONE>
ldb: ldb_trace_request: (tdb)->search
ldb: ldb_trace_response: ENTRY
dn: @MODULES
@LIST: samba_secrets
ldb: ldb_trace_request: REGISTER_CONTROL
1.2.840.113556.1.4.1413
control: <NONE>
ldb: ldb_tdb: Unable to register control with rootdse!
ldb: ldb_trace_request: SEARCH
dn: <rootDSE>
scope: base
expr: (objectClass=*)
attr: rootDomainNamingContext
attr: configurationNamingContext
attr: schemaNamingContext
attr: defaultNamingContext
control: <NONE>
ldb: ldb_trace_request: (tdb)->search
ldb_wrap open of secrets.ldb
ldb: ldb_trace_request: SEARCH
dn: cn=Primary Domains
scope: sub
expr: (&(flatname=THECREEDS)(objectclass=primaryDomain))
attr: secret
attr: priorSecret
attr: samAccountName
attr: flatname
attr: realm
attr: secureChannelType
attr: unicodePwd
attr: msDS-KeyVersionNumber
attr: saltPrincipal
attr: privateKeytab
attr: krb5Keytab
attr: servicePrincipalName
attr: ldapBindDn
control: <NONE>
ldb: ldb_trace_request: (tdb)->search
ldb: ldb_trace_response: ENTRY
dn: flatname=THECREEDS,cn=Primary Domains
flatname: THECREEDS
msDS-KeyVersionNumber: 1
privateKeytab: secrets.keytab
realm: THECREEDS.NET
saltPrincipal: host/quigonn.thecreeds.net at THECREEDS.NET
samAccountName: QUIGONN$
secret: <removed for obvious reasons>
secureChannelType: 6
Received smb_krb5 packet of length 266
Received smb_krb5 packet of length 1219
dns_tkey_negotiategss: TKEY is unacceptable
dns_tkey_negotiategss: TKEY is unacceptable
The wierd thing is I know that TSIG transfers are working because I can use
nsupdate with the key set and it updates the records fine... So what TKEY is
this looking for and whats the issue with it?
Thanks,
Dan