samba - May 2018 - samba_dnsupdate --all-names -> dns_tkey_negotiategss: TKEY is unacceptable

Hi Rowland,

Am 02.05.2018 um 14:27 schrieb Rowland Penny via samba:
> Try adding 'dns update command = /usr/sbin/samba_dnsupdate
> --use-samba-tool' to smb.conf
> 
> and run 'samba_dnsupdate --all-names --use-samba-tool'
we did this and we now getting the following error-message:
-----------
.
.
ERROR(runtime): uncaught exception - (9711,
'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
  File "/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py",
line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib64/python2.7/site-packages/samba/netcmd/dns.py", line
940, in run
    raise e
Failed update of 29 entries

------------
We get the message for all entries. It look for me like there was no
update, because all entries already there. Or is it still a problem?

Stefna

-- 
Stefan Kania
Landweg 13
25693 St. Michaelisdonn


Signieren jeder E-Mail hilft Spam zu reduzieren. Signieren Sie ihre
E-Mail. Weiter Informationen unter http://www.gnupg.org

Mein Schlüssel liegt auf

hkp://subkeys.pgp.net


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL:
<http://lists.samba.org/pipermail/samba/attachments/20180502/72320fb0/signature.sig>

On Wed, 2 May 2018 14:39:33 +0200
Stefan Kania via samba <samba at lists.samba.org> wrote:
> Hi Rowland,
> 
> Am 02.05.2018 um 14:27 schrieb Rowland Penny via samba:
> > Try adding 'dns update command = /usr/sbin/samba_dnsupdate
> > --use-samba-tool' to smb.conf
> > 
> > and run 'samba_dnsupdate --all-names --use-samba-tool'
> 
> we did this and we now getting the following error-message:
> -----------
> .
> .
> ERROR(runtime): uncaught exception - (9711,
> 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
>   File
"/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py",
> line 176, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib64/python2.7/site-packages/samba/netcmd/dns.py",
line
> 940, in run
>     raise e
> Failed update of 29 entries
> 
> ------------
> We get the message for all entries. It look for me like there was no
> update, because all entries already there. Or is it still a problem?
> 
Well, it certainly looks like the records exist, which sort of begs the
question, why did you run samba_dnsupdate in the first place ?

Rowland

Hi Rowland,

we ran samba_updatedns because we get the error
"ERROR_DNS_UPDATE_FAILED" when joining a Samba-host to the domain.
We go by the wiki
https://wiki.samba.org/index.php/Troubleshooting_Samba_Domain_Members#DNS_Update_failed:_ERROR_DNS_UPDATE_FAILED
and we checked the dynmaic DNS update as written in the wiki:
https://wiki.samba.org/index.php/Testing_Dynamic_DNS_Updates
That's how we ran into this error. I have never seen this error before.
It's the first time I uses CentOS, normally I use debian ;-).

Stefan

Am 02.05.2018 um 14:39 schrieb Stefan Kania via samba:
> Hi Rowland,
> 
> Am 02.05.2018 um 14:27 schrieb Rowland Penny via samba:
>> Try adding 'dns update command = /usr/sbin/samba_dnsupdate
>> --use-samba-tool' to smb.conf
>>
>> and run 'samba_dnsupdate --all-names --use-samba-tool'
> 
> we did this and we now getting the following error-message:
> -----------
> .
> .
> ERROR(runtime): uncaught exception - (9711,
> 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
>   File
"/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py",
> line 176, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib64/python2.7/site-packages/samba/netcmd/dns.py",
line
> 940, in run
>     raise e
> Failed update of 29 entries
> 
> ------------
> We get the message for all entries. It look for me like there was no
> update, because all entries already there. Or is it still a problem?
> 
> Stefna
> 
> 
> 
-- 
Stefan Kania
Landweg 13
25693 St. Michaelisdonn


Signieren jeder E-Mail hilft Spam zu reduzieren. Signieren Sie ihre
E-Mail. Weiter Informationen unter http://www.gnupg.org

Mein Schlüssel liegt auf

hkp://subkeys.pgp.net


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL:
<http://lists.samba.org/pipermail/samba/attachments/20180502/ac406f95/signature.sig>

btw. we deactivated selinux ;-)


Am 02.05.2018 um 19:29 schrieb Stefan Kania via samba:
> Hi Rowland,
> 
> we ran samba_updatedns because we get the error
> "ERROR_DNS_UPDATE_FAILED" when joining a Samba-host to the
domain.
> We go by the wiki
>
https://wiki.samba.org/index.php/Troubleshooting_Samba_Domain_Members#DNS_Update_failed:_ERROR_DNS_UPDATE_FAILED
> and we checked the dynmaic DNS update as written in the wiki:
> https://wiki.samba.org/index.php/Testing_Dynamic_DNS_Updates
> That's how we ran into this error. I have never seen this error before.
> It's the first time I uses CentOS, normally I use debian ;-).
> 
> Stefan
> 
> Am 02.05.2018 um 14:39 schrieb Stefan Kania via samba:
>> Hi Rowland,
>>
>> Am 02.05.2018 um 14:27 schrieb Rowland Penny via samba:
>>> Try adding 'dns update command = /usr/sbin/samba_dnsupdate
>>> --use-samba-tool' to smb.conf
>>>
>>> and run 'samba_dnsupdate --all-names --use-samba-tool'
>>
>> we did this and we now getting the following error-message:
>> -----------
>> .
>> .
>> ERROR(runtime): uncaught exception - (9711,
>> 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
>>   File
"/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py",
>> line 176, in _run
>>     return self.run(*args, **kwargs)
>>   File
"/usr/lib64/python2.7/site-packages/samba/netcmd/dns.py", line
>> 940, in run
>>     raise e
>> Failed update of 29 entries
>>
>> ------------
>> We get the message for all entries. It look for me like there was no
>> update, because all entries already there. Or is it still a problem?
>>
>> Stefna
>>
>>
>>
> 
> 
> 
-- 
Stefan Kania
Landweg 13
25693 St. Michaelisdonn


Signieren jeder E-Mail hilft Spam zu reduzieren. Signieren Sie ihre
E-Mail. Weiter Informationen unter http://www.gnupg.org

Mein Schlüssel liegt auf

hkp://subkeys.pgp.net


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL:
<http://lists.samba.org/pipermail/samba/attachments/20180502/a91c97e5/signature.sig>

On Wed, 2 May 2018 19:29:15 +0200
Stefan Kania via samba <samba at lists.samba.org> wrote:
> Hi Rowland,
> 
> we ran samba_updatedns because we get the error
> "ERROR_DNS_UPDATE_FAILED" when joining a Samba-host to the
domain.
> We go by the wiki
>
https://wiki.samba.org/index.php/Troubleshooting_Samba_Domain_Members#DNS_Update_failed:_ERROR_DNS_UPDATE_FAILED
> and we checked the dynmaic DNS update as written in the wiki:
> https://wiki.samba.org/index.php/Testing_Dynamic_DNS_Updates
> That's how we ran into this error. I have never seen this error
> before. It's the first time I uses CentOS, normally I use debian ;-).
> 
> Stefan
Hi Stefan, any reason for going to the dark side ? ;-)

I wonder if this possibly has anything to do with MIT kerberos ? There
used to be a similar problem on Debian, but this seems to have gone
away. You got the 'ERROR_DNS_UPDATE_FAILED' message, but it hadn't
failed.
Have you tried testing if the computers record exists after the
join ?

Rowland