Robert E. Wooden
2020-Jul-03 14:24 UTC
[Samba] dns_tkey_gssnegotiate: TKEY is unacceptable
On 7/3/2020 9:15 AM, Rowland penny via samba wrote:
> No, might as well tell you now, it's relevant. Samba moved the keytab
> to the 'bind-dns' directory sometime ago, so you should be using the
> keytab in the bind-dns directory, which will mean altering the
> named.conf files if you are using Bind9

Yes, I saw that during setup. I had to "think thru" Louis' instructions, to test, locate and make sure I was using the correct "dns.keytab" for the BIND9_DLZ setup.

>
> Depends, are you actually using the correct keytab ?
>
> Rowland
>

Apparently, I missed this. So, I am not sure what to change to correct?

Any explanation you could provide would clarify this for me?

(FYI, Debian 10 with Samba 4.12.3)

--
Bob Wooden
On 03/07/2020 15:24, Robert E. Wooden via samba wrote:
> On 7/3/2020 9:15 AM, Rowland penny via samba wrote:
>> No, might as well tell you now, it's relevant. Samba moved the keytab
>> to the 'bind-dns' directory sometime ago, so you should be using the
>> keytab in the bind-dns directory, which will mean altering the
>> named.conf files if you are using Bind9
>
> Yes, I saw that during setup. I had to "think thru" Louis'
> instructions, to test, locate and make sure I was using the correct
> "dns.keytab" for the BIND9_DLZ setup.
>
>>
>> Depends, are you actually using the correct keytab ?
>>
>> Rowland
>>
> Apparently, I missed this. So, I am not sure what to change to correct?
>
> Any explanation you could provide would clarify this for me?
>
> (FYI, Debian 10 with Samba 4.12.3)
>

Does 'sudo rm -f /var/lib/samba/private/dns.keytab' give you any hint to which is the correct keytab ?

Rowland
Robert E. Wooden
2020-Jul-03 14:40 UTC
[Samba] dns_tkey_gssnegotiate: TKEY is unacceptable
On 7/3/2020 9:31 AM, Rowland penny via samba wrote:
> Does 'sudo rm -f /var/lib/samba/private/dns.keytab' give you any hint
> to which is the correct keytab ?
>
> Rowland
>

While waiting for your reply, I began checking my BIND9 setup. Having used many of Louis' "sed" strings instructions, one of those strings directs "tkey-gssapi-keytab" to use "/var/lib/samba/_private_/dns.keytab".

Changed it to: "/var/lib/samba/_bind-dns_/dns.keytab" and the DC, a few minutes ago, just finished updating properly.

Thanks, our decision here pointed me to the correction needed.

Now, I'll ask the obvious question. Why are there two "dns.keytab" files? It is confusing.

--
Bob Wooden
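
Added example, not part of the thread and not Samba or BIND project code: a shell check for the misconfiguration resolved above, where `tkey-gssapi-keytab` still names the keytab under `private/` instead of `bind-dns/`. The function names `keytab_paths` and `check_keytab` are hypothetical, and the BIND config file(s) to inspect are passed as arguments.

```shell
#!/bin/sh
# Added example (not from the thread). Run it as the account named runs
# under, so the readability test reflects what BIND can actually open.

# Print every path set by an active tkey-gssapi-keytab line in the given files.
keytab_paths() {
    # Drop whole-line // and # comments, then extract the quoted value.
    sed -e 's:^[[:space:]]*//.*$::' -e 's:^[[:space:]]*#.*$::' "$@" 2>/dev/null |
        sed -n 's/.*tkey-gssapi-keytab[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Return 0 only if every configured keytab exists, is readable, and is not
# the old private/ location that the thread identifies as the wrong file.
check_keytab() {
    paths=$(keytab_paths "$@")
    if [ -z "$paths" ]; then
        echo "FAIL: no tkey-gssapi-keytab option found in: $*"
        return 1
    fi
    rc=0
    while IFS= read -r p; do
        case "$p" in
            */private/dns.keytab)
                echo "FAIL: $p is the old location; use the bind-dns directory"
                rc=1
                continue ;;
        esac
        if [ ! -s "$p" ]; then
            echo "FAIL: $p is missing or empty"
            rc=1
        elif [ ! -r "$p" ]; then
            echo "FAIL: $p is not readable by $(id -un)"
            rc=1
        else
            echo "OK: $p"
        fi
    done <<EOF
$paths
EOF
    return $rc
}

# Stand-alone use: pass the config file(s) that hold the BIND options block.
if [ "$#" -gt 0 ]; then
    check_keytab "$@"
fi
```
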