On 06/02/2021 22:27, Dan Egli wrote:
>
> On 2/6/2021 1:51 PM, Rowland penny via samba wrote:
>> On 06/02/2021 20:43, Dan Egli wrote:
>>> I tried the -k, and no go. If I just put -k at the end it says -k
>>> needs a parameter. Looking in the man page it says -k KERBEROS, so I
>>> did, and now samba-tool says "samba-tool dns zonecreate: error:
>>> invalid -k option value: KERBEROS"
>>>
>>> I am completely unfamiliar with Kerberos, so if this is a stupid
>>> mistake, forgive me.
>>
>>
>> No, it is not a stupid question, for 'KERBEROS' read 'no|yes|auto',
>> so to use kerberos with your command you need a ticket (which will be
>> 'krb5cc_0' in /tmp) and to add '-k yes' to the command.
>>
>> Rowland
>>
>
> Well, I tried with -k yes and still not working:
>
> # samba-tool dns zonecreate janus.eglifamily.name 10.168.192.in-addr.arpa -k yes
> Failed to bind to uuid 50abc2a4-574d-40b3-9d66-ee4fd5fba076 for
> ncacn_ip_tcp:2600:100e:b1df:d0d3:20c:29ff:fed0:8fed[49153,sign,target_hostname=janus.eglifamily.name,abstract_syntax=50abc2a4-574d-40b3-9d66-ee4fd5fba076/0x00000005,localaddress=2600:100e:b1df:d0d3:20c:29ff:fed0:8fed]
> NT_STATUS_UNSUCCESSFUL
> ERROR: Connecting to DNS RPC server janus.eglifamily.name failed with
> (3221225473, '{Operation Failed} The requested operation was
> unsuccessful.')
>
> # klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: Administrator@EGLIFAMILY.NAME
>
> Valid starting     Expires            Service principal
> 02/06/21 13:12:17  02/06/21 23:12:17  krbtgt/EGLIFAMILY.NAME@EGLIFAMILY.NAME
>         renew until 02/07/21 13:12:10
> 02/06/21 15:25:06  02/06/21 23:12:17  host/JANUS.EGLIFAMILY.NAME@EGLIFAMILY.NAME
>
> I'm open to the next suggestion.

Have you set this DC to use itself as its nameserver?

I would check your DNS settings.

Try replacing the server name 'janus.eglifamily.name' with the DC's IP address and if that fails replace the '-k yes' with -UAdministrator and see if the password works.

Rowland

Forgot one test:

# samba-tool dns zonecreate 192.168.10.3 10.168.182.in-addr.arpa -k yes
Failed to bind to uuid 50abc2a4-574d-40b3-9d66-ee4fd5fba076 for
ncacn_ip_tcp:192.168.10.3[49153,sign,abstract_syntax=50abc2a4-574d-40b3-9d66-ee4fd5fba076/0x00000005,localaddress=192.168.10.3]
NT_STATUS_INVALID_PARAMETER
ERROR: Connecting to DNS RPC server 192.168.10.3 failed with (3221225485, 'An invalid parameter was passed to a service or function.')

On 2/6/2021 3:45 PM, Rowland penny via samba wrote:
> On 06/02/2021 22:27, Dan Egli wrote:
>>
>> On 2/6/2021 1:51 PM, Rowland penny via samba wrote:
>>> On 06/02/2021 20:43, Dan Egli wrote:
>>>> I tried the -k, and no go. If I just put -k at the end it says -k
>>>> needs a parameter. Looking in the man page it says -k KERBEROS, so
>>>> I did, and now samba-tool says "samba-tool dns zonecreate: error:
>>>> invalid -k option value: KERBEROS"
>>>>
>>>> I am completely unfamiliar with Kerberos, so if this is a stupid
>>>> mistake, forgive me.
>>>
>>>
>>> No, it is not a stupid question, for 'KERBEROS' read 'no|yes|auto',
>>> so to use kerberos with your command you need a ticket (which will
>>> be 'krb5cc_0' in /tmp) and to add '-k yes' to the command.
>>>
>>> Rowland
>>>
>>
>> Well, I tried with -k yes and still not working:
>>
>> # samba-tool dns zonecreate janus.eglifamily.name 10.168.192.in-addr.arpa -k yes
>> Failed to bind to uuid 50abc2a4-574d-40b3-9d66-ee4fd5fba076 for
>> ncacn_ip_tcp:2600:100e:b1df:d0d3:20c:29ff:fed0:8fed[49153,sign,target_hostname=janus.eglifamily.name,abstract_syntax=50abc2a4-574d-40b3-9d66-ee4fd5fba076/0x00000005,localaddress=2600:100e:b1df:d0d3:20c:29ff:fed0:8fed]
>> NT_STATUS_UNSUCCESSFUL
>> ERROR: Connecting to DNS RPC server janus.eglifamily.name failed with
>> (3221225473, '{Operation Failed} The requested operation was
>> unsuccessful.')
>>
>> # klist
>> Ticket cache: FILE:/tmp/krb5cc_0
>> Default principal: Administrator@EGLIFAMILY.NAME
>>
>> Valid starting     Expires            Service principal
>> 02/06/21 13:12:17  02/06/21 23:12:17  krbtgt/EGLIFAMILY.NAME@EGLIFAMILY.NAME
>>         renew until 02/07/21 13:12:10
>> 02/06/21 15:25:06  02/06/21 23:12:17  host/JANUS.EGLIFAMILY.NAME@EGLIFAMILY.NAME
>>
>> I'm open to the next suggestion.
>
>
> Have you set this DC to use itself as its nameserver?
>
> I would check your DNS settings.
>
> Try replacing the server name 'janus.eglifamily.name' with the DC's
> IP address and if that fails replace the '-k yes' with -UAdministrator
> and see if the password works.
>
> Rowland
>
>
>
Yes, the resolv.conf points to 192.168.10.3 which is janus.

# cat /etc/resolv.conf
nameserver 192.168.10.3
search eglifamily.name

# host janus
janus.eglifamily.name has address 192.168.10.3

# samba-tool dns zonecreate 192.168.10.3 10.168.182.in-addr.arpa -UAdministrator%%<password>
Failed to bind to uuid 50abc2a4-574d-40b3-9d66-ee4fd5fba076 for
ncacn_ip_tcp:192.168.10.3[49153,sign,abstract_syntax=50abc2a4-574d-40b3-9d66-ee4fd5fba076/0x00000005,localaddress=192.168.10.3]
NT_STATUS_LOGON_FAILURE
ERROR: Connecting to DNS RPC server 192.168.10.3 failed with (3221225581, 'The attempted logon is invalid. This is either due to a bad username or authentication information.')

On 2/6/2021 3:45 PM, Rowland penny via samba wrote:
> On 06/02/2021 22:27, Dan Egli wrote:
>>
>> On 2/6/2021 1:51 PM, Rowland penny via samba wrote:
>>> On 06/02/2021 20:43, Dan Egli wrote:
>>>> I tried the -k, and no go. If I just put -k at the end it says -k
>>>> needs a parameter. Looking in the man page it says -k KERBEROS, so
>>>> I did, and now samba-tool says "samba-tool dns zonecreate: error:
>>>> invalid -k option value: KERBEROS"
>>>>
>>>> I am completely unfamiliar with Kerberos, so if this is a stupid
>>>> mistake, forgive me.
>>>
>>>
>>> No, it is not a stupid question, for 'KERBEROS' read 'no|yes|auto',
>>> so to use kerberos with your command you need a ticket (which will
>>> be 'krb5cc_0' in /tmp) and to add '-k yes' to the command.
>>>
>>> Rowland
>>>
>>
>> Well, I tried with -k yes and still not working:
>>
>> # samba-tool dns zonecreate janus.eglifamily.name 10.168.192.in-addr.arpa -k yes
>> Failed to bind to uuid 50abc2a4-574d-40b3-9d66-ee4fd5fba076 for
>> ncacn_ip_tcp:2600:100e:b1df:d0d3:20c:29ff:fed0:8fed[49153,sign,target_hostname=janus.eglifamily.name,abstract_syntax=50abc2a4-574d-40b3-9d66-ee4fd5fba076/0x00000005,localaddress=2600:100e:b1df:d0d3:20c:29ff:fed0:8fed]
>> NT_STATUS_UNSUCCESSFUL
>> ERROR: Connecting to DNS RPC server janus.eglifamily.name failed with
>> (3221225473, '{Operation Failed} The requested operation was
>> unsuccessful.')
>>
>> # klist
>> Ticket cache: FILE:/tmp/krb5cc_0
>> Default principal: Administrator@EGLIFAMILY.NAME
>>
>> Valid starting     Expires            Service principal
>> 02/06/21 13:12:17  02/06/21 23:12:17  krbtgt/EGLIFAMILY.NAME@EGLIFAMILY.NAME
>>         renew until 02/07/21 13:12:10
>> 02/06/21 15:25:06  02/06/21 23:12:17  host/JANUS.EGLIFAMILY.NAME@EGLIFAMILY.NAME
>>
>> I'm open to the next suggestion.
>
>
> Have you set this DC to use itself as its nameserver?
>
> I would check your DNS settings.
>
> Try replacing the server name 'janus.eglifamily.name' with the DC's
> IP address and if that fails replace the '-k yes' with -UAdministrator
> and see if the password works.
>
> Rowland
>
>
>
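
Added example, not part of the original thread or of Samba's own code: a small Python parser that takes the three "Failed to bind" messages quoted above and splits each into the transport endpoint actually used and the decoded NTSTATUS fields, so the three attempts can be compared side by side. The names `parse_failure` and `SAMPLES` are this example's own, and the sample strings are constructed from the thread's output with the abstract_syntax option dropped and two messages trimmed.

```python
import ipaddress
import re

# Constructed input: the three failures quoted in the thread, one per string
# (abstract_syntax option dropped, two message texts trimmed for width).
SAMPLES = [
    "Failed to bind to uuid 50abc2a4-574d-40b3-9d66-ee4fd5fba076 for "
    "ncacn_ip_tcp:2600:100e:b1df:d0d3:20c:29ff:fed0:8fed[49153,sign,"
    "target_hostname=janus.eglifamily.name,"
    "localaddress=2600:100e:b1df:d0d3:20c:29ff:fed0:8fed] NT_STATUS_UNSUCCESSFUL "
    "ERROR: Connecting to DNS RPC server janus.eglifamily.name failed with "
    "(3221225473, '{Operation Failed} The requested operation was unsuccessful.')",
    "Failed to bind to uuid 50abc2a4-574d-40b3-9d66-ee4fd5fba076 for "
    "ncacn_ip_tcp:192.168.10.3[49153,sign,localaddress=192.168.10.3] "
    "NT_STATUS_INVALID_PARAMETER ERROR: Connecting to DNS RPC server "
    "192.168.10.3 failed with (3221225485, 'An invalid parameter was passed')",
    "Failed to bind to uuid 50abc2a4-574d-40b3-9d66-ee4fd5fba076 for "
    "ncacn_ip_tcp:192.168.10.3[49153,sign,localaddress=192.168.10.3] "
    "NT_STATUS_LOGON_FAILURE ERROR: Connecting to DNS RPC server "
    "192.168.10.3 failed with (3221225581, 'The attempted logon is invalid.')",
]

BIND_RE = re.compile(
    r"ncacn_ip_tcp:(?P<host>[^\[\s]+)\[(?P<opts>[^\]]*)\]\s+"
    r"(?P<status>NT_STATUS_\w+).*?failed with \((?P<code>\d+),", re.S)

def parse_failure(text):
    """Split one bind failure into transport details and NTSTATUS fields."""
    m = BIND_RE.search(text)
    if m is None:
        return None
    port, *flags = m["opts"].split(",")
    opts = dict(f.split("=", 1) for f in flags if "=" in f)
    try:
        family = f"IPv{ipaddress.ip_address(m['host']).version}"
    except ValueError:  # binding string carried a host name, not an address
        family = "name"
    code = int(m["code"])
    return {
        "host": m["host"], "family": family, "port": int(port),
        "target_hostname": opts.get("target_hostname"),
        "status": m["status"], "hex": f"0x{code:08X}",
        "severity": code >> 30,            # NTSTATUS bits 31-30; 3 = error
        "facility": (code >> 16) & 0xFFF,  # bits 27-16
        "code": code & 0xFFFF,             # bits 15-0
    }

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_failure(sample))
```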