Carlos A. P. Cunha
2015-Dec-30 18:19 UTC
[Samba] dns_tkey_negotiategss: TKEY is unacceptable
Hello!
I've got this error
dns_tkey_negotiategss: TKEY is unacceptable
when running samba_dnsupdate --verbose
With this error dynamic entries stopped working as Type A machines that
entered in the field or entry to a new DC.
Already tried the step described here
https://wiki.samba.org/index.php/Dns_tkey_negotiategss:_TKEY_is_unacceptable
But when trying to delete the account used the same says that there is
(and it really is not listed, create a manual account ok), but when running
samba_upgradedns --dns-backend = BIND9_DLZ
I got the error
Reading domain information
Traceback (most recent call last):
File "/ opt / samba / sbin / samba_upgradedns", line 262, in
<module>
paths, lp.configfile, lp)
File
"/opt/samba/lib/python2.7/site-packages/samba/provision/__init__.py",
line 282, in find_provision_key_parameters
names.policyid = str (res7 [0] ["cn"]). replace ("{",
""). replace ("}", "")
IndexError: list index out of range
With more Debug
[....]
Module 'tombstone_reanimate' is disabled. Skip
registration.lpcfg_servicenumber: could not find ldb
schema_fsmo_init: we are master [in] updates allowed [in]
lpcfg_servicenumber: could not find ldb
lpcfg_servicenumber: could not find ldb
lpcfg_servicenumber: could not find ldb
schema_fsmo_init: we are master [in] updates allowed [in]
Traceback (most recent call last):
File "/ opt / samba / sbin / samba_upgradedns", line 262, in
<module>
paths, lp.configfile, lp)
File
"/opt/samba/lib/python2.7/site-packages/samba/provision/__init__.py",
line 282, in find_provision_key_parameters
names.policyid = str (res7 [0] ["cn"]). replace ("{",
""). replace ("}", "")
IndexError: list index out of range
Thanks
On 30/12/15 18:19, Carlos A. P. Cunha wrote:> Hello! > I've got this error > dns_tkey_negotiategss: TKEY is unacceptable > > when running samba_dnsupdate --verbose > > With this error dynamic entries stopped working as Type A machines > that entered in the field or entry to a new DC. > > Already tried the step described here > > https://wiki.samba.org/index.php/Dns_tkey_negotiategss:_TKEY_is_unacceptable > > > But when trying to delete the account used the same says that there is > (and it really is not listed, create a manual account ok), but when > running > > samba_upgradedns --dns-backend = BIND9_DLZ > > I got the error > > Reading domain information > Traceback (most recent call last): > File "/ opt / samba / sbin / samba_upgradedns", line 262, in <module> > paths, lp.configfile, lp) > File > "/opt/samba/lib/python2.7/site-packages/samba/provision/__init__.py", > line 282, in find_provision_key_parameters > names.policyid = str (res7 [0] ["cn"]). replace ("{", ""). replace > ("}", "") > IndexError: list index out of range > > With more Debug > > [....] > > Module 'tombstone_reanimate' is disabled. Skip > registration.lpcfg_servicenumber: could not find ldb > schema_fsmo_init: we are master [in] updates allowed [in] > lpcfg_servicenumber: could not find ldb > lpcfg_servicenumber: could not find ldb > lpcfg_servicenumber: could not find ldb > schema_fsmo_init: we are master [in] updates allowed [in] > Traceback (most recent call last): > File "/ opt / samba / sbin / samba_upgradedns", line 262, in <module> > paths, lp.configfile, lp) > File > "/opt/samba/lib/python2.7/site-packages/samba/provision/__init__.py", > line 282, in find_provision_key_parameters > names.policyid = str (res7 [0] ["cn"]). replace ("{", ""). replace > ("}", "") > IndexError: list index out of range > > > Thanks >I had this problem, and I think, like me, you missed this: *NOTE:* Until Bug #10882 <https://bugzilla.samba.org/show_bug.cgi?id=10882> is fixed, you will have to temporary switch the backend to SAMBA_INTERNAL and then back to BIND9_DLZ as a workaround instead of just setting just it to BIND9_DLZ again! Otherwise the account will not be created. Rowland
Carlos A. P. Cunha
2015-Dec-30 19:07 UTC
[Samba] dns_tkey_negotiategss: TKEY is unacceptable
Hello!
I had tested it but validei and still generates the error
I had this problem, and I think, like me, you missed this:
* NOTE: * Until Bug # 10882
<https://bugzilla.samba.org/show_bug.cgi?id=10882> is fixed, you will
have temporary switch to the backend to SAMBA_INTERNAL And Then back to
BIND9_DLZ as a workaround instead of just setting it to just BIND9_DLZ
again! Otherwise the account will not be created.
Debug
Module 'tombstone_reanimate' is disabled. Skip
registration.schema_fsmo_init: we are master [yes] updates allowed [in]
schema_fsmo_init: we are master [yes] updates allowed [in]
Traceback (most recent call last):
File "/ opt / samba / sbin / samba_upgradedns", line 262, in
<module>
paths, lp.configfile, lp)
File
"/opt/samba/lib/python2.7/site-packages/samba/provision/__init__.py",
line 282, in find_provision_key_parameters
names.policyid = str (res7 [0] ["cn"]). replace ("{",
""). replace ("}", "")
IndexError: list index out of range
Thanks
Em 30-12-2015 16:57, Rowland penny escreveu:> On 30/12/15 18:19, Carlos A. P. Cunha wrote:
>> Hello!
>> I've got this error
>> dns_tkey_negotiategss: TKEY is unacceptable
>>
>> when running samba_dnsupdate --verbose
>>
>> With this error dynamic entries stopped working as Type A machines
>> that entered in the field or entry to a new DC.
>>
>> Already tried the step described here
>>
>>
https://wiki.samba.org/index.php/Dns_tkey_negotiategss:_TKEY_is_unacceptable
>>
>>
>> But when trying to delete the account used the same says that there
>> is (and it really is not listed, create a manual account ok), but
>> when running
>>
>> samba_upgradedns --dns-backend = BIND9_DLZ
>>
>> I got the error
>>
>> Reading domain information
>> Traceback (most recent call last):
>> File "/ opt / samba / sbin / samba_upgradedns", line 262, in
<module>
>> paths, lp.configfile, lp)
>> File
>>
"/opt/samba/lib/python2.7/site-packages/samba/provision/__init__.py",
>> line 282, in find_provision_key_parameters
>> names.policyid = str (res7 [0] ["cn"]). replace
("{", ""). replace
>> ("}", "")
>> IndexError: list index out of range
>>
>> With more Debug
>>
>> [....]
>>
>> Module 'tombstone_reanimate' is disabled. Skip
>> registration.lpcfg_servicenumber: could not find ldb
>> schema_fsmo_init: we are master [in] updates allowed [in]
>> lpcfg_servicenumber: could not find ldb
>> lpcfg_servicenumber: could not find ldb
>> lpcfg_servicenumber: could not find ldb
>> schema_fsmo_init: we are master [in] updates allowed [in]
>> Traceback (most recent call last):
>> File "/ opt / samba / sbin / samba_upgradedns", line 262, in
<module>
>> paths, lp.configfile, lp)
>> File
>>
"/opt/samba/lib/python2.7/site-packages/samba/provision/__init__.py",
>> line 282, in find_provision_key_parameters
>> names.policyid = str (res7 [0] ["cn"]). replace
("{", ""). replace
>> ("}", "")
>> IndexError: list index out of range
>>
>>
>> Thanks
>>
>
> I had this problem, and I think, like me, you missed this:
>
> *NOTE:* Until Bug #10882
> <https://bugzilla.samba.org/show_bug.cgi?id=10882> is fixed, you will
> have to temporary switch the backend to SAMBA_INTERNAL and then back
> to BIND9_DLZ as a workaround instead of just setting just it to
> BIND9_DLZ again! Otherwise the account will not be created.
>
> Rowland
On 30/12/15 18:19, Carlos A. P. Cunha wrote:> Hello! > I've got this error > dns_tkey_negotiategss: TKEY is unacceptable > > when running samba_dnsupdate --verbose > > With this error dynamic entries stopped working as Type A machines > that entered in the field or entry to a new DC. > > Already tried the step described here > > https://wiki.samba.org/index.php/Dns_tkey_negotiategss:_TKEY_is_unacceptable > > > But when trying to delete the account used the same says that there is > (and it really is not listed, create a manual account ok), but when > running > > samba_upgradedns --dns-backend = BIND9_DLZ > > I got the error > > Reading domain information > Traceback (most recent call last): > File "/ opt / samba / sbin / samba_upgradedns", line 262, in <module> > paths, lp.configfile, lp) > File > "/opt/samba/lib/python2.7/site-packages/samba/provision/__init__.py", > line 282, in find_provision_key_parameters > names.policyid = str (res7 [0] ["cn"]). replace ("{", ""). replace > ("}", "") > IndexError: list index out of range > > With more Debug > > [....] > > Module 'tombstone_reanimate' is disabled. Skip > registration.lpcfg_servicenumber: could not find ldb > schema_fsmo_init: we are master [in] updates allowed [in] > lpcfg_servicenumber: could not find ldb > lpcfg_servicenumber: could not find ldb > lpcfg_servicenumber: could not find ldb > schema_fsmo_init: we are master [in] updates allowed [in] > Traceback (most recent call last): > File "/ opt / samba / sbin / samba_upgradedns", line 262, in <module> > paths, lp.configfile, lp) > File > "/opt/samba/lib/python2.7/site-packages/samba/provision/__init__.py", > line 282, in find_provision_key_parameters > names.policyid = str (res7 [0] ["cn"]). replace ("{", ""). replace > ("}", "") > IndexError: list index out of range > > > Thanks >OK, try running this: ldbsearch -H /usr/local/samba/private/sam.ldb '(cn={31B2F340-016D-11D2-945F-00C04FB984F9})' cn name What does it return? Rowland
Carlos A. P. Cunha
2015-Dec-30 19:57 UTC
[Samba] dns_tkey_negotiategss: TKEY is unacceptable
Hello!
Output of command
# 1 record
dn:
CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=MYDOMAIN
cn: {31B2F340-016D-11D2-945F-00C04FB984F9}
name: {31B2F340-016D-11D2-945F-00C04FB984F9}
Referral #
ref: ldap: //interno.mastersonda.com.br/CN=Configuration,DC=MYDOMAIN
Referral #
ref: ldap: //interno.mastersonda.com.br/DC=DomainDnsZones,DC=MYDOMAIN
Referral #
ref: ldap: //interno.mastersonda.com.br/DC=ForestDnsZones,DC=MYDOMAIN
# Returned 4 records
# 1 entries
# 3 referrals
One important thing to previous email error edited the file in line
where accuses the error
I came
/opt/samba/lib/python2.7/site-packages/samba/provision/__init__.py +282
and commented the line (not sure if this and bad)
# names.policyid = str (res7 [0] ["cn"]). replace ("{",
""). replace
("}", "")
Thus the error entering --dns-backend samba_upgradedns = BIND9_DLZ or
--dns-backend samba_upgradedns = SAMBA_INTERNAL sumio and the case is
made that, however validei the DNS account is deleted but not recreated,
and sometimes when trying to recreate Manually says
ERROR (ldb): Failed to add user 'dns-DC-Linux': - samldb: Account name
(sAMAccountName) 'dns-DC-LINUX' already in use!
However the account does not exist in the User list.
Thanks
Em 30-12-2015 17:41, Rowland penny escreveu:> On 30/12/15 18:19, Carlos A. P. Cunha wrote:
>> Hello!
>> I've got this error
>> dns_tkey_negotiategss: TKEY is unacceptable
>>
>> when running samba_dnsupdate --verbose
>>
>> With this error dynamic entries stopped working as Type A machines
>> that entered in the field or entry to a new DC.
>>
>> Already tried the step described here
>>
>>
https://wiki.samba.org/index.php/Dns_tkey_negotiategss:_TKEY_is_unacceptable
>>
>>
>> But when trying to delete the account used the same says that there
>> is (and it really is not listed, create a manual account ok), but
>> when running
>>
>> samba_upgradedns --dns-backend = BIND9_DLZ
>>
>> I got the error
>>
>> Reading domain information
>> Traceback (most recent call last):
>> File "/ opt / samba / sbin / samba_upgradedns", line 262, in
<module>
>> paths, lp.configfile, lp)
>> File
>>
"/opt/samba/lib/python2.7/site-packages/samba/provision/__init__.py",
>> line 282, in find_provision_key_parameters
>> names.policyid = str (res7 [0] ["cn"]). replace
("{", ""). replace
>> ("}", "")
>> IndexError: list index out of range
>>
>> With more Debug
>>
>> [....]
>>
>> Module 'tombstone_reanimate' is disabled. Skip
>> registration.lpcfg_servicenumber: could not find ldb
>> schema_fsmo_init: we are master [in] updates allowed [in]
>> lpcfg_servicenumber: could not find ldb
>> lpcfg_servicenumber: could not find ldb
>> lpcfg_servicenumber: could not find ldb
>> schema_fsmo_init: we are master [in] updates allowed [in]
>> Traceback (most recent call last):
>> File "/ opt / samba / sbin / samba_upgradedns", line 262, in
<module>
>> paths, lp.configfile, lp)
>> File
>>
"/opt/samba/lib/python2.7/site-packages/samba/provision/__init__.py",
>> line 282, in find_provision_key_parameters
>> names.policyid = str (res7 [0] ["cn"]). replace
("{", ""). replace
>> ("}", "")
>> IndexError: list index out of range
>>
>>
>> Thanks
>>
>
> OK, try running this:
>
> ldbsearch -H /usr/local/samba/private/sam.ldb
> '(cn={31B2F340-016D-11D2-945F-00C04FB984F9})' cn name
>
> What does it return?
>
> Rowland
>
>