Hello
I tried on two vms on my vmware Workstation to use samba as DC.
I want use BIND for dns system.
To join the Domain had worked successfully after I recompiled the bind.
It seems the zone are the same but Samba isn't in the ns-record.
If I run dcpromo.exe I get this error message:
This Active Directory DC is the last dns-server for the AD-zones.
If I remove the DC the dns-names can't be resolved any more.
Also Exchange doesn't find the DC
If I type kinit administrator I didn't get an answer
root at linux:~# kinit administrator
Password for administrator at DNCOM.DE:
root at linux:~#
samba-tool drs showrepl have't errors for the replication but on the end
Connection --
Connection name: b1449b55-6603-4b33-abe2-6d78071a5d76
Enabled : TRUE
Server DNS name : QC2NDOHUS2B.dncom.de
Server DN name : CN=NTDS
Settings,CN=QC2NDOHUS2B,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dncom,DC=de
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
samba_dnsupdate --verbose --all-names makes also problems
IPs: ['fe80::20c:29ff:fe65:b90e%eth0', '172.16.128.120']
Skipping PDC entry (SRV _ldap._tcp.pdc._msdcs.${DNSDOMAIN}
${HOSTNAME} 389) as we are not a PDC
Skipping PDC entry (SRV _ldap._tcp.pdc._msdcs.${DNSFOREST}
${HOSTNAME} 389) as we are not a PDC
Calling nsupdate for A dncom.de 172.16.128.120
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
dncom.de. 900 IN A 172.16.128.120
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for A linux.dncom.de 172.16.128.120
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
linux.dncom.de. 900 IN A 172.16.128.120
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for A gc._msdcs.dncom.de 172.16.128.120
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
gc._msdcs.dncom.de. 900 IN A 172.16.128.120
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for CNAME f5b7a286-234e-4007-8c53-8686c259ed61._msdcs.dncom.de
linux.dncom.de
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
f5b7a286-234e-4007-8c53-8686c259ed61._msdcs.dncom.de. 900 IN CNAME
linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _kpasswd._tcp.dncom.de linux.dncom.de 464
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kpasswd._tcp.dncom.de. 900 IN SRV 0 100 464 linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _kpasswd._udp.dncom.de linux.dncom.de 464
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kpasswd._udp.dncom.de. 900 IN SRV 0 100 464 linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _kerberos._tcp.dncom.de linux.dncom.de 88
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._tcp.dncom.de. 900 IN SRV 0 100 88 linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _kerberos._tcp.dc._msdcs.dncom.de linux.dncom.de 88
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._tcp.dc._msdcs.dncom.de. 900 IN SRV 0 100 88 linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _kerberos._tcp.default-first-site-name._sites.dncom.de
linux.dncom.de 88
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._tcp.default-first-site-name._sites.dncom.de. 900 IN SRV 0 100 88
linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV
_kerberos._tcp.default-first-site-name._sites.dc._msdcs.dncom.de linux.dncom.de
88
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._tcp.default-first-site-name._sites.dc._msdcs.dncom.de. 900 IN SRV 0
100 88 linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _kerberos._udp.dncom.de linux.dncom.de 88
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._udp.dncom.de. 900 IN SRV 0 100 88 linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _ldap._tcp.dncom.de linux.dncom.de 389
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.dncom.de. 900 IN SRV 0 100 389 linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _ldap._tcp.dc._msdcs.dncom.de linux.dncom.de 389
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.dc._msdcs.dncom.de. 900 IN SRV 0 100 389 linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _ldap._tcp.gc._msdcs.dncom.de linux.dncom.de 3268
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.gc._msdcs.dncom.de. 900 IN SRV 0 100 3268 linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _ldap._tcp.default-first-site-name._sites.dncom.de
linux.dncom.de 389
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.default-first-site-name._sites.dncom.de. 900 IN SRV 0 100 389
linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV
_ldap._tcp.default-first-site-name._sites.dc._msdcs.dncom.de linux.dncom.de 389
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.default-first-site-name._sites.dc._msdcs.dncom.de. 900 IN SRV 0 100
389 linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV
_ldap._tcp.default-first-site-name._sites.gc._msdcs.dncom.de linux.dncom.de 3268
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.default-first-site-name._sites.gc._msdcs.dncom.de. 900 IN SRV 0 100
3268 linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV
_ldap._tcp.891fe5ff-4712-4ab5-951c-c1584391f0fd.domains._msdcs.dncom.de
linux.dncom.de 389
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.891fe5ff-4712-4ab5-951c-c1584391f0fd.domains._msdcs.dncom.de. 900 IN
SRV 0 100 389 linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _gc._tcp.dncom.de linux.dncom.de 3268
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_gc._tcp.dncom.de. 900 IN SRV 0 100 3268 linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Calling nsupdate for SRV _gc._tcp.default-first-site-name._sites.dncom.de
linux.dncom.de 3268
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_gc._tcp.default-first-site-name._sites.dncom.de. 900 IN SRV 0 100 3268
linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Failed update of 20 entries
Felipe
OK now I tried to join again
I saw this messages
descriptor_sd_propagation_recursive: DC=DomainDnsZones,DC=*****,DC=de not found
under DC=*****,DC=de
descriptor_sd_propagation_recursive: DC=ForestDnsZones,DC=*****,DC=de not found
under DC=*****,DC=de
Unable to find group id for BIND,
set permissions to sam.ldb* files manually Unable to find group
id for BIND,
set permissions to sam.ldb* files manually
bind is running as user root
hope to get help
Felipe
-----Mensaje original-----
De: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org]
En nombre de Felipe
Enviado el: mi?rcoles, 02 de enero de 2013 2:55
Para: samba at lists.samba.org
Asunto: [Samba] Samba ADDS DC krb5 and samba_nsupdate
Hello
I tried on two vms on my vmware Workstation to use samba as DC.
I want use BIND for dns system.
To join the Domain had worked successfully after I recompiled the bind.
It seems the zone are the same but Samba isn't in the ns-record.
If I run dcpromo.exe I get this error message:
This Active Directory DC is the last dns-server for the AD-zones.
If I remove the DC the dns-names can't be resolved any more.
Also Exchange doesn't find the DC
If I type kinit administrator I didn't get an answer
root at linux:~# kinit administrator
Password for administrator at DNCOM.DE:
root at linux:~#
samba-tool drs showrepl have't errors for the replication but on the end
Connection --
Connection name: b1449b55-6603-4b33-abe2-6d78071a5d76
Enabled : TRUE
Server DNS name : QC2NDOHUS2B.dncom.de
Server DN name : CN=NTDS
Settings,CN=QC2NDOHUS2B,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dncom,DC=de
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
samba_dnsupdate --verbose --all-names makes also problems
IPs: ['fe80::20c:29ff:fe65:b90e%eth0', '172.16.128.120']
Skipping PDC entry (SRV _ldap._tcp.pdc._msdcs.${DNSDOMAIN}
${HOSTNAME} 389) as we are not a PDC
Skipping PDC entry (SRV _ldap._tcp.pdc._msdcs.${DNSFOREST}
${HOSTNAME} 389) as we are not a PDC
Calling nsupdate for A dncom.de 172.16.128.120 Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION:
dncom.de. 900 IN A 172.16.128.120
dns_tkey_negotiategss: TKEY is unacceptable Failed nsupdate: 1 Calling nsupdate
for A linux.dncom.de 172.16.128.120 Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION:
linux.dncom.de. 900 IN A 172.16.128.120
dns_tkey_negotiategss: TKEY is unacceptable Failed nsupdate: 1 Calling nsupdate
for A gc._msdcs.dncom.de 172.16.128.120 Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION:
gc._msdcs.dncom.de. 900 IN A 172.16.128.120
dns_tkey_negotiategss: TKEY is unacceptable Failed nsupdate: 1 Calling nsupdate
for CNAME f5b7a286-234e-4007-8c53-8686c259ed61._msdcs.dncom.de linux.dncom.de
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION:
f5b7a286-234e-4007-8c53-8686c259ed61._msdcs.dncom.de. 900 IN CNAME
linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable Failed nsupdate: 1 Calling nsupdate
for SRV _kpasswd._tcp.dncom.de linux.dncom.de 464 Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION:
_kpasswd._tcp.dncom.de. 900 IN SRV 0 100 464 linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable Failed nsupdate: 1 Calling nsupdate
for SRV _kpasswd._udp.dncom.de linux.dncom.de 464 Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION:
_kpasswd._udp.dncom.de. 900 IN SRV 0 100 464 linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable Failed nsupdate: 1 Calling nsupdate
for SRV _kerberos._tcp.dncom.de linux.dncom.de 88 Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION:
_kerberos._tcp.dncom.de. 900 IN SRV 0 100 88 linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable Failed nsupdate: 1 Calling nsupdate
for SRV _kerberos._tcp.dc._msdcs.dncom.de linux.dncom.de 88 Outgoing update
query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION:
_kerberos._tcp.dc._msdcs.dncom.de. 900 IN SRV 0 100 88 linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable Failed nsupdate: 1 Calling nsupdate
for SRV _kerberos._tcp.default-first-site-name._sites.dncom.de linux.dncom.de 88
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION:
_kerberos._tcp.default-first-site-name._sites.dncom.de. 900 IN SRV 0 100 88
linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable Failed nsupdate: 1 Calling nsupdate
for SRV _kerberos._tcp.default-first-site-name._sites.dc._msdcs.dncom.de
linux.dncom.de 88 Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION:
_kerberos._tcp.default-first-site-name._sites.dc._msdcs.dncom.de. 900 IN SRV 0
100 88 linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable Failed nsupdate: 1 Calling nsupdate
for SRV _kerberos._udp.dncom.de linux.dncom.de 88 Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION:
_kerberos._udp.dncom.de. 900 IN SRV 0 100 88 linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable Failed nsupdate: 1 Calling nsupdate
for SRV _ldap._tcp.dncom.de linux.dncom.de 389 Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION:
_ldap._tcp.dncom.de. 900 IN SRV 0 100 389 linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable Failed nsupdate: 1 Calling nsupdate
for SRV _ldap._tcp.dc._msdcs.dncom.de linux.dncom.de 389 Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION:
_ldap._tcp.dc._msdcs.dncom.de. 900 IN SRV 0 100 389 linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable Failed nsupdate: 1 Calling nsupdate
for SRV _ldap._tcp.gc._msdcs.dncom.de linux.dncom.de 3268 Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION:
_ldap._tcp.gc._msdcs.dncom.de. 900 IN SRV 0 100 3268 linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable Failed nsupdate: 1 Calling nsupdate
for SRV _ldap._tcp.default-first-site-name._sites.dncom.de linux.dncom.de 389
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION:
_ldap._tcp.default-first-site-name._sites.dncom.de. 900 IN SRV 0 100 389
linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable Failed nsupdate: 1 Calling nsupdate
for SRV _ldap._tcp.default-first-site-name._sites.dc._msdcs.dncom.de
linux.dncom.de 389 Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION:
_ldap._tcp.default-first-site-name._sites.dc._msdcs.dncom.de. 900 IN SRV 0 100
389 linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable Failed nsupdate: 1 Calling nsupdate
for SRV _ldap._tcp.default-first-site-name._sites.gc._msdcs.dncom.de
linux.dncom.de 3268 Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION:
_ldap._tcp.default-first-site-name._sites.gc._msdcs.dncom.de. 900 IN SRV 0 100
3268 linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable Failed nsupdate: 1 Calling nsupdate
for SRV _ldap._tcp.891fe5ff-4712-4ab5-951c-c1584391f0fd.domains._msdcs.dncom.de
linux.dncom.de 389 Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION:
_ldap._tcp.891fe5ff-4712-4ab5-951c-c1584391f0fd.domains._msdcs.dncom.de. 900 IN
SRV 0 100 389 linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable Failed nsupdate: 1 Calling nsupdate
for SRV _gc._tcp.dncom.de linux.dncom.de 3268 Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION:
_gc._tcp.dncom.de. 900 IN SRV 0 100 3268 linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable Failed nsupdate: 1 Calling nsupdate
for SRV _gc._tcp.default-first-site-name._sites.dncom.de linux.dncom.de 3268
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION:
_gc._tcp.default-first-site-name._sites.dncom.de. 900 IN SRV 0 100 3268
linux.dncom.de.
dns_tkey_negotiategss: TKEY is unacceptable Failed nsupdate: 1 Failed update of
20 entries
Felipe
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
On Wed, 2013-01-02 at 03:40 +0000, Felipe wrote:> OK now I tried to join again > I saw this messages > > descriptor_sd_propagation_recursive: DC=DomainDnsZones,DC=*****,DC=de not found under DC=*****,DC=de > descriptor_sd_propagation_recursive: DC=ForestDnsZones,DC=*****,DC=de not found under DC=*****,DC=de > > Unable to find group id for BIND, > set permissions to sam.ldb* files manually Unable to find group id for BIND, > set permissions to sam.ldb* files manually > > bind is running as user rootGiven your errors, you should check that bind can access the database and dns.keytab correctly. Are you running 9.8 or 9.9? Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org
bind-9.9.2-P1 how can I check it? It have access to read dig give me results of my windows domain. I tried to set rights to 777 of the private directory with option -R samba_dnsupdate --verbose --all-names say dns_tkey_negotiategss: TKEY is unacceptable greetings -----Mensaje original----- De: Andrew Bartlett [mailto:abartlet at samba.org] Enviado el: mi?rcoles, 02 de enero de 2013 12:22 Para: samba CC: samba at lists.samba.org Asunto: Re: [Samba] Samba ADDS DC krb5 and samba_nsupdate On Wed, 2013-01-02 at 03:40 +0000, Felipe wrote:> OK now I tried to join again > I saw this messages > > descriptor_sd_propagation_recursive: DC=DomainDnsZones,DC=*****,DC=de > not found under DC=*****,DC=de > descriptor_sd_propagation_recursive: DC=ForestDnsZones,DC=*****,DC=de > not found under DC=*****,DC=de > > Unable to find group id for BIND, > set permissions to sam.ldb* files manually Unable to find group id for BIND, > set permissions to sam.ldb* files manually > > bind is running as user rootGiven your errors, you should check that bind can access the database and dns.keytab correctly. Are you running 9.8 or 9.9? Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org