Rommel Rodriguez Toirac
2020-Nov-18 17:34 UTC
[Samba] dnsupdate failed with TKEY is unacceptable
In my network I have a samba 4.11.4 as Active Directory Domain Controller installed in CentOS 7 (gtmad.gtm.onat.gob.cu - 192.168.41.17). I have recently installed samba 4.13.2 in CentOS 8 (gtmad1.gtm.onat.gob.cu - 192.168.41.18) and following the wiki.samba.org guide I have joined it as a domain controller to my network.

But I have a "dnsupdate_nameupdate_done: Failed DNS update with exit code 26" due to "TKEY is unacceptable"

Some of my steps in the progress:

Everything seems fine with directory replication:
# samba-tool drs showrepl
Default-First-Site-NameGTMAD1
DSA Options: 0x00000001
DSA object GUID: 03d9f4b0-72a5-47cd-b572-a33ae30b73ce
DSA invocationId: 1a022b20-9777-4366-b996-5b27a46aff42
==== INBOUND NEIGHBORS ===
DC=DomainDnsZones,DC=gtm,DC=onat,DC=gob,DC=cu
        Default-First-Site-NameGTMAD via RPC
                DSA object GUID: 968f8914-c861-4cd4-96f4-7a233880992c
                Last attempt @ Wed Nov 18 11:43:33 2020 CST was successful
                0 consecutive failure(s).
                Last success @ Wed Nov 18 11:43:33 2020 CST
DC=ForestDnsZones,DC=gtm,DC=onat,DC=gob,DC=cu
        Default-First-Site-NameGTMAD via RPC
                DSA object GUID: 968f8914-c861-4cd4-96f4-7a233880992c
                Last attempt @ Wed Nov 18 11:43:33 2020 CST was successful
                0 consecutive failure(s).
                Last success @ Wed Nov 18 11:43:33 2020 CST
CN=Schema,CN=Configuration,DC=gtm,DC=onat,DC=gob,DC=cu
        Default-First-Site-NameGTMAD via RPC
                DSA object GUID: 968f8914-c861-4cd4-96f4-7a233880992c
                Last attempt @ Wed Nov 18 11:43:33 2020 CST was successful
                0 consecutive failure(s).
                Last success @ Wed Nov 18 11:43:33 2020 CST
DC=gtm,DC=onat,DC=gob,DC=cu
        Default-First-Site-NameGTMAD via RPC
                DSA object GUID: 968f8914-c861-4cd4-96f4-7a233880992c
                Last attempt @ Wed Nov 18 11:43:33 2020 CST was successful
                0 consecutive failure(s).
                Last success @ Wed Nov 18 11:43:33 2020 CST
CN=Configuration,DC=gtm,DC=onat,DC=gob,DC=cu
        Default-First-Site-NameGTMAD via RPC
                DSA object GUID: 968f8914-c861-4cd4-96f4-7a233880992c
                Last attempt @ Wed Nov 18 11:43:33 2020 CST was successful
                0 consecutive failure(s).
                Last success @ Wed Nov 18 11:43:33 2020 CST
==== OUTBOUND NEIGHBORS ===
DC=DomainDnsZones,DC=gtm,DC=onat,DC=gob,DC=cu
        Default-First-Site-NameGTMAD via RPC
                DSA object GUID: 968f8914-c861-4cd4-96f4-7a233880992c
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)
DC=ForestDnsZones,DC=gtm,DC=onat,DC=gob,DC=cu
        Default-First-Site-NameGTMAD via RPC
                DSA object GUID: 968f8914-c861-4cd4-96f4-7a233880992c
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)
CN=Schema,CN=Configuration,DC=gtm,DC=onat,DC=gob,DC=cu
        Default-First-Site-NameGTMAD via RPC
                DSA object GUID: 968f8914-c861-4cd4-96f4-7a233880992c
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)
DC=gtm,DC=onat,DC=gob,DC=cu
        Default-First-Site-NameGTMAD via RPC
                DSA object GUID: 968f8914-c861-4cd4-96f4-7a233880992c
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)
CN=Configuration,DC=gtm,DC=onat,DC=gob,DC=cu
        Default-First-Site-NameGTMAD via RPC
                DSA object GUID: 968f8914-c861-4cd4-96f4-7a233880992c
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)
==== KCC CONNECTION OBJECTS ===
Connection --
        Connection name: 0c6a236f-edeb-486a-9791-d75de0564fc4
        Enabled        : TRUE
        Server DNS name : gtmad.gtm.onat.gob.cu
        Server DN name  : CN=NTDS Settings,CN=GTMAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gtm,DC=onat,DC=gob,DC=cu
                TransportType: RPC
                options: 0x00000001
Warning: No NC replicated for Connection!

When I check the local DNS service I get the following:
# host -t A gtm.onat.gob.cu localhost
Using domain server:
Name: localhost
Address: 127.0.0.1#53
Aliases:
gtm.onat.gob.cu has address 192.168.41.17
(It only solves the IP of the samba 4.11.4 AD-DC not his as well, do not know if this is a problem)

When I check the status of the named.service service it seems that everything is fine:
# systemctl status named.service -l
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2020-11-18 12:02:02 CST; 7s ago
  Process: 18524 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)
  Process: 18539 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 18537 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
 Main PID: 18541 (named)
    Tasks: 35 (limit: 26213)
   Memory: 102.6M
   CGroup: /system.slice/named.service
           └─18541 /usr/sbin/named -u named -c /etc/named.conf

nov 18 12:02:02 gtmad1.gtm.onat.gob.cu named[18541]: configuring command channel from '/etc/rndc.key'
nov 18 12:02:02 gtmad1.gtm.onat.gob.cu named[18541]: command channel listening on 127.0.0.1#953
nov 18 12:02:02 gtmad1.gtm.onat.gob.cu named[18541]: configuring command channel from '/etc/rndc.key'
nov 18 12:02:02 gtmad1.gtm.onat.gob.cu named[18541]: command channel listening on ::1#953
nov 18 12:02:02 gtmad1.gtm.onat.gob.cu named[18541]: managed-keys-zone: loaded serial 0
nov 18 12:02:02 gtmad1.gtm.onat.gob.cu named[18541]: zone 0.0.127.in-addr.arpa/IN: loaded serial 2013050101
nov 18 12:02:02 gtmad1.gtm.onat.gob.cu named[18541]: zone localhost/IN: loaded serial 2013050101
nov 18 12:02:02 gtmad1.gtm.onat.gob.cu named[18541]: all zones loaded
nov 18 12:02:02 gtmad1.gtm.onat.gob.cu named[18541]: running
nov 18 12:02:02 gtmad1.gtm.onat.gob.cu systemd[1]: Started Berkeley Internet Name Domain (DNS).

When I check the status of the samba service I have the following problem:
# systemctl status samba-ad-dc.service
● samba-ad-dc.service - Samba Active Directory Domain Controller
   Loaded: loaded (/etc/systemd/system/samba-ad-dc.service; disabled; vendor preset: disabled)
   Active: active (running) since Tue 2020-11-17 11:58:14 CST; 23h ago
  Process: 197 ExecStart=/usr/sbin/samba -D (code=exited, status=0/SUCCESS)
 Main PID: 198 (samba)
    Tasks: 59 (limit: 26213)
   Memory: 342.1M
   CGroup: /system.slice/samba-ad-dc.service
           ├─ 198 /usr/sbin/samba -D
           ...
           ├─ 208 /usr/sbin/samba -D
           ├─ 209 /sbin//smbd -D --option=server role check:inhibit=yes --foreground
           ├─ 210 /usr/sbin/samba -D
           ...
           ├─ 230 /sbin//winbindd -D --option=server role check:inhibit=yes --foreground
           ├─ 231 /usr/sbin/samba -D
           ...
           ├─ 249 /sbin//smbd -D --option=server role check:inhibit=yes --foreground
           ├─ 250 /sbin//smbd -D --option=server role check:inhibit=yes --foreground
           ├─ 251 /usr/sbin/samba -D
           ...
           ├─ 259 /sbin//smbd -D --option=server role check:inhibit=yes --foreground
           ├─1138 /sbin//winbindd -D --option=server role check:inhibit=yes --foreground
           ├─1139 /sbin//winbindd -D --option=server role check:inhibit=yes --foreground
           └─1140 /sbin//winbindd -D --option=server role check:inhibit=yes --foreground

nov 18 11:28:30 gtmad1.gtm.onat.gob.cu samba[231]: [2020/11/18 11:28:30.911574,  0] ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
nov 18 11:28:30 gtmad1.gtm.onat.gob.cu samba[231]:   /sbin//samba_dnsupdate: dns_tkey_gssnegotiate: TKEY is unacceptable
nov 18 11:28:30 gtmad1.gtm.onat.gob.cu samba[231]: [2020/11/18 11:28:30.928092,  0] ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
nov 18 11:28:30 gtmad1.gtm.onat.gob.cu samba[231]:   /sbin//samba_dnsupdate: dns_tkey_gssnegotiate: TKEY is unacceptable
nov 18 11:28:30 gtmad1.gtm.onat.gob.cu samba[231]: [2020/11/18 11:28:30.953861,  0] ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
nov 18 11:28:30 gtmad1.gtm.onat.gob.cu samba[231]:   /sbin//samba_dnsupdate: dns_tkey_gssnegotiate: TKEY is unacceptable
nov 18 11:28:31 gtmad1.gtm.onat.gob.cu samba[231]: [2020/11/18 11:28:31.006807,  0] ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
nov 18 11:28:31 gtmad1.gtm.onat.gob.cu samba[231]:   /sbin//samba_dnsupdate: dns_tkey_gssnegotiate: TKEY is unacceptable
nov 18 11:28:31 gtmad1.gtm.onat.gob.cu samba[231]: [2020/11/18 11:28:31.028370,  0] ../../source4/dsdb/dns/dns_update.c:86(dnsupdate_nameupdate_done)
nov 18 11:28:31 gtmad1.gtm.onat.gob.cu samba[231]:   dnsupdate_nameupdate_done: Failed DNS update with exit code 26

How I can fix this?

Where else to check to find a solution?

Thanks in advance
Rommel Rodriguez Toirac
rommelrt at nauta.cu

On Wed, 18 Nov 2020, Rommel Rodriguez Toirac via samba wrote:

> In my network I have a samba 4.11.4 as Active Directory Domain Controller installed in CentOS 7 (gtmad.gtm.onat.gob.cu - 192.168.41.17). I have recently installed samba 4.13.2 in CentOS 8 (gtmad1.gtm.onat.gob.cu - 192.168.41.18) and following the wiki.samba.org guide I have joined it as a domain controller to my network.
>
> But I have a "dnsupdate_nameupdate_done: Failed DNS update with exit code 26" due to "TKEY is unacceptable"
>
> [...]
>
> How I can fix this?

Does https://wiki.samba.org/index.php/Dns_tkey_negotiategss:_TKEY_is_unacceptable help?

Regards,

--
Tom me at tdiehl.org

On 18/11/2020 17:34, Rommel Rodriguez Toirac via samba wrote:
>
> In my network I have a samba 4.11.4 as Active Directory Domain Controller installed in CentOS 7 (gtmad.gtm.onat.gob.cu - 192.168.41.17). I have recently installed samba 4.13.2 in CentOS 8 (gtmad1.gtm.onat.gob.cu - 192.168.41.18) and following the wiki.samba.org guide I have joined it as a domain controller to my network.

Have you compiled Samba yourself?

> When I check the local DNS service I get the following:
> # host -t A gtm.onat.gob.cu localhost
> Using domain server:
> Name: localhost
> Address: 127.0.0.1#53
> Aliases:
> gtm.onat.gob.cu has address 192.168.41.17
> (It only solves the IP of the samba 4.11.4 AD-DC not his as well, do not know if this is a problem)
>
>
> When I check the status of the named.service service it seems that everything is fine:
> # systemctl status named.service -l
>
>            └─18541 /usr/sbin/named -u named -c /etc/named.conf
> nov 18 12:02:02 gtmad1.gtm.onat.gob.cu named[18541]: configuring command channel from '/etc/rndc.key'
> nov 18 12:02:02 gtmad1.gtm.onat.gob.cu named[18541]: command channel listening on 127.0.0.1#953
> nov 18 12:02:02 gtmad1.gtm.onat.gob.cu named[18541]: configuring command channel from '/etc/rndc.key'
> nov 18 12:02:02 gtmad1.gtm.onat.gob.cu named[18541]: command channel listening on ::1#953
> nov 18 12:02:02 gtmad1.gtm.onat.gob.cu named[18541]: managed-keys-zone: loaded serial 0
> nov 18 12:02:02 gtmad1.gtm.onat.gob.cu named[18541]: zone 0.0.127.in-addr.arpa/IN: loaded serial 2013050101
> nov 18 12:02:02 gtmad1.gtm.onat.gob.cu named[18541]: zone localhost/IN: loaded serial 2013050101
> nov 18 12:02:02 gtmad1.gtm.onat.gob.cu named[18541]: all zones loaded
> nov 18 12:02:02 gtmad1.gtm.onat.gob.cu named[18541]: running
> nov 18 12:02:02 gtmad1.gtm.onat.gob.cu systemd[1]: Started Berkeley Internet Name Domain (DNS).

It doesn't look like bind can find the DNS zones in AD, so can you post your named.conf and smb.conf?

Rowland