I tried the -k, and no go. If I just put -k at the end it says -k needs
a paramater. Looking in the man page it says -k KERBEROS, so I did, and
now samba-tool says "samba-tool dns zonecreate: error: invalid -k option
value: KERBEROS"
I am completely unfamiliar with Kerberos, so if this is a stupid
mistake, forgive me.
On 2/6/2021 1:33 PM, Rowland penny via samba wrote:> On 06/02/2021 20:15, Dan Egli wrote:
>> Something screwy is going on. I kept getting password errors, so I
>> decided I'd re-provision, just in case the password was written
down
>> wrong. So I re-ran samba-tool domain provision (after removing
>> /etc/samba/smb.conf and /etc/krb5.conf) and recreated the whole
>> domain. Then I noticed that samba didn't automatically create the
>> reverse IP zone, so I went to create it:
>>
>> ?# samba-tool domain provision --interactive --use-rfc2307
>> Realm:? eglifamily.name
>> Domain [eglifamily]:
>> Server Role (dc, member, standalone) [dc]:
>> DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE)
>> [SAMBA_INTERNAL]:
>> DNS forwarder IP address (write 'none' to disable forwarding)
>> [192.168.10.3]:? 192.168.10.2
>> Administrator password:
>> Retype password:
>> <output deleted for brevity, no errors reported>
>>
>> # kinit Administrator
>> <success>
>>
>> ?# samba-tool dns zonecreate janus.eglifamily.name
>> 10.168.192.in-addr.arpa
>> Failed to bind to uuid 50abc2a4-574d-40b3-9d66-ee4fd5fba076 for
>>
ncacn_ip_tcp:2600:100e:b1df:d0d3:20c:29ff:fed0:8fed[49153,sign,target_hostname=janus.eglifamily.name,abstract_syntax=50abc2a4-574d-40b3-9d66-ee4fd5fba076/0x00000005,localaddress=2600:100e:b1df:d0d3:20c:29ff:fed0:8fed]
>> NT_STATUS_UNSUCCESSFUL
>> ERROR: Connecting to DNS RPC server janus.eglifamily.name failed with
>> (3221225473, '{Operation Failed} The requested operation was
>> unsuccessful.')
>>
>> What did I do wrong?
>
>
> Probably missing '-k yes' of the end of the command, without it,
your
> command will not use the kerberos ticket
>
> Rowland
>
>
>