samba - Sep 2022 - Dns tkey negotiategss: TKEY is unacceptable - potential fix included

> What version of Samba are you using ?
I am on latest gentoo ebuild version 4.16.4 currently.

 > However it looks like you are correct, there is code to create the
 > 'dns-host' user, even if it may be incorrect, there is code to
create
 > the dnsadmins group, but there doesn't seem to be code to add the user
 > to the group.

Well I have included the description as packages of distributions might 
differ. So line numbering might be different too. Not sure which 
modifications are applied by Gentoo. However I found many reports across 
the internet facing the same problems and instructions on 
<https://wiki.samba.org/index.php/Dns_tkey_negotiategss:_TKEY_is_unacceptable>
not working. So I am quite sure others face the same problem as well. So 
they do get a non-working "dns-host.DOMAIN.tld" user created instead 
of
"dns-host" and it fails to be added to the right security group.

Sure it's possible I am the only one with this specific problem but at 
least the Gentoo Python code seems to suffer from some upper/lowercase 
matching flaws. If this is not an upstream problem I am happy to report 
this to Gentoo package maintainers. However I expected those Python 
modules to be maintained upstream as also the samba_upgradedns tool is 
not introduced by Gentoo but actually part of Samba 4.

Moreover I believe this should be pretty simple to fix.

Correct me if I am wrong here.


best regards,
Rainer

On 28/09/2022 12:27, Rainer Meier via samba wrote:
>  > What version of Samba are you using ?
> 
> I am on latest gentoo ebuild version 4.16.4 currently.
> 
>  > However it looks like you are correct, there is code to create the
>  > 'dns-host' user, even if it may be incorrect, there is code
to create
>  > the dnsadmins group, but there doesn't seem to be code to add the
user
>  > to the group.
> 
> Well I have included the description as packages of distributions might 
> differ. So line numbering might be different too. Not sure which 
> modifications are applied by Gentoo. However I found many reports across 
> the internet facing the same problems and instructions on 
>
<https://wiki.samba.org/index.php/Dns_tkey_negotiategss:_TKEY_is_unacceptable>
> not working. So I am quite sure others face the same problem as well. So 
> they do get a non-working "dns-host.DOMAIN.tld" user created
instead? of
> "dns-host" and it fails to be added to the right security group.
> 
> Sure it's possible I am the only one with this specific problem but at 
> least the Gentoo Python code seems to suffer from some upper/lowercase 
> matching flaws. If this is not an upstream problem I am happy to report 
> this to Gentoo package maintainers. However I expected those Python 
> modules to be maintained upstream as also the samba_upgradedns tool is 
> not introduced by Gentoo but actually part of Samba 4.
It sounds like there is something going on here, the python scripts are 
usually used verbatim and the provision __init.py__ script, for a least 
the last two years, has the line in question near the top (around line 
260, to be precise).

Can I have a copy of the __init.py__ that is giving you the problem ?
Just send it to me directly at 'rpenny @ samba . org' (just remove the 
spaces)
> 
> Moreover I believe this should be pretty simple to fix.
It sounds that way.

Rowland
> 
> Correct me if I am wrong here.
> 
> 
> best regards,
> Rainer
>