search for: dns_tkey_gssnegoti

...r? At present samba_dnsupdate has nothing to do.. Thanks, Joachim -----Urspr?ngliche Nachricht----- Von: samba <samba-bounces at lists.samba.org> Im Auftrag von Rowland penny via samba Gesendet: Monday, 12 August 2019 21:26 An: sambalist <samba at lists.samba.org> Betreff: Re: [Samba] dns_tkey_gssnegotiate: TKEY is unacceptable On 12/08/2019 20:19, Joachim Lindenberg wrote: > Hi Rowland, > did read, actually cited the page it myself, but didn?t help me to identify the cause. > Kerberos credentials exists, dns users exists, file permission are correct. So either that is insufficient or I...

As the subject says, dns_tkey_gssnegotiate: TKEY is unacceptable. I have internet searched for solutions. I have done everything on /wiki.samba.org/index.php/Dns_tkey_negotiategss:_TKEY_is_unacceptable/ and I am still getting: At the end of "root at dc01:~# samba_dnsupdate --verbose --all-names": dns_tkey_gssnegotiate: TK...

On 03/07/2020 14:39, Robert E. Wooden via samba wrote: > As the subject says, dns_tkey_gssnegotiate: TKEY is unacceptable. > > I have internet searched for solutions. > > I have done everything on > /wiki.samba.org/index.php/Dns_tkey_negotiategss:_TKEY_is_unacceptable/ > and I am still getting: > > At the end of "root at dc01:~# samba_dnsupdate --verbose --all-na...

...t is insufficient or I am blind.. > Regards, Joachim > > -----Urspr?ngliche Nachricht----- > Von: samba <samba-bounces at lists.samba.org> Im Auftrag von Rowland penny via samba > Gesendet: Monday, 12 August 2019 21:14 > An: samba at lists.samba.org > Betreff: Re: [Samba] dns_tkey_gssnegotiate: TKEY is unacceptable > > On 12/08/2019 19:49, Joachim Lindenberg via samba wrote: >> I installed a third DC today. Replication works find, but as systemctl status samba-ad-dc showed an error w.r.t. dnsupdate I was running samba_dnsupdate ?verbose. >> >> Below is the outp...

I installed a third DC today. Replication works find, but as systemctl status samba-ad-dc showed an error w.r.t. dnsupdate I was running samba_dnsupdate ?verbose. Below is the output. It looks like there are some missing DNS records, but what are potential causes of this error: dns_tkey_gssnegotiate: TKEY is unacceptable I already checked what?s listed @ https://wiki.samba.org/index.php/Dns_tkey_negotiategss:_TKEY_is_unacceptable and https://wiki.samba.org/index.php/Dns_tkey_negotiategss:_TKEY_is_unacceptable#Verifying_That_the_BIND_AD_Account_Exists_for_the_DC. What else? Thanks, Joa...

On 7/3/2020 9:15 AM, Rowland penny via samba wrote: > No, might as well tell you now, it's relevant. Samba moved the keytab > to the 'bind-dns' directory sometime ago, so you should be using the > keytab in the bind-dns directory, which will mean altering the > named.conf files if you are using Bind9 Yes, I saw that during setup. I had to "think thru"

On 03/07/2020 15:24, Robert E. Wooden via samba wrote: > On 7/3/2020 9:15 AM, Rowland penny via samba wrote: >> No, might as well tell you now, it's relevant. Samba moved the keytab >> to the 'bind-dns' directory sometime ago, so you should be using the >> keytab in the bind-dns directory, which will mean altering the >> named.conf files if you are using

On 7/3/2020 9:31 AM, Rowland penny via samba wrote: > Does 'sudo rm -f /var/lib/samba/private/dns.keytab' give you any hint > to which is the correct keytab ? > > Rowland > While waiting for your reply, I began checking my BIND9 setup. Having used many of Louis' "sed" strings instructions, one those strings direct "tkey-gssapi-keytab" to use

On 03/07/2020 15:40, Robert E. Wooden via samba wrote: > On 7/3/2020 9:31 AM, Rowland penny via samba wrote: >> Does 'sudo rm -f /var/lib/samba/private/dns.keytab' give you any hint >> to which is the correct keytab ? >> >> Rowland >> > While waiting for your reply, I began checking my BIND9 setup. > > Having used many of Louis'

On 7/3/2020 8:58 AM, Rowland penny via samba wrote: > Please do not use '127.0.0.1' as a nameserver, use the DC's ipaddress > instead. I have corrected this as you have suggested. > > You might be looking at the wrong keytab, do you have: > > /var/lib/samba/bind-dns/dns.keytab > > Rowland > Yes, I do (why two dns.keytab . . . a question for later) have

On 06/07/2020 16:05, Robert E. Wooden via samba wrote: > > Why has one installation not created a ".../bind-dns/dns.keytab" file > and yet the other has? > > I followed the same "steps" during installation on both. > I am coming to the conclusion that if you upgrade from one major Samba version to another, then upgrading in place isn't really a good

...6-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 root at DC01:~# cat /etc/resolv.conf nameserver 192.168.0.41 ##nameserver 192.168.0.42 nameserver 192.168.0.50 search SUBDOM.EXAMPLE.COM root at DC01:~# samba_dnsupdate --verbose ?all-names/**//*<<< updates fail*/ dns_tkey_gssnegotiate: TKEY is unacceptable Failed nsupdate: 1 update(nsupdate): SRV _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.SUBDOM.EXAMPLE.COM DC01.SUBDOM.EXAMPLE.COM 389 Calling nsupdate for SRV _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.SUBDOM.EXAMPLE.COM DC01.SUBDOM.EXAMPLE.COM...

...ve done everything on /wiki.samba.org/index.php/Dns_tkey_negotiategss:_TKEY_is_unacceptable/ https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End#Troubleshooting however no matter what I do, running "samba_dnsupdate --verbose --all-names" on the secondary always gets me the tkey error dns_tkey_gssnegotiate: TKEY is unacceptable Failed nsupdate: 1 Failed update of 28 entries here are the contents of the files -------------------- /etc/resolvconf/resolv.conf.d/base search thecompumax.com nameserver 192.168.2.3 (secondary) nameserver 192.168.2.1 (primary) nameserver 192.168.1.1 nameserver 127.0.0.53...

On 7/3/2020 9:50 AM, Rowland penny via samba wrote: > I thought I explained that, but lets try again ;-) > > Originally, Samba used /var/lib/samba/private for the dns.keytab and > other dns files. This was then found to be possibly insecure, so it > was decided to use /var/lib/samba/bind-dns instead. When you upgrade > the Samba packages, the old files are not removed, but the

Call me dense, but now I am more confused. I have tried with and without quotes ... all over the place (i.e. in the smb.config and on the command line) and everything still results in errors, although not always exactly the same. Messing with the command line results in things like this: ERROR(runtime): uncaught exception - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')   File

Okay, because you are not wrong ... One more time before I move forward with this. The smb.conf is now: # Global parameters [global]         bind interfaces only = Yes         interfaces = lo eno1         netbios name = DC01         realm = CORP.<DOMAIN>.COM         server role = active directory domain controller         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,

...nt argv[1] = add Jan 11 > 10:00:36 dc01 dhcpd[1704]: execute_statement argv[2] = 172.20.10.165 > Jan 11 10:00:36 dc01 dhcpd[1704]: execute_statement argv[3] = > 1:d4:be:d9:22:9f:7d Jan 11 10:00:36 dc01 dhcpd[1704]: > execute_statement argv[4] = mgmt01 Jan 11 10:00:36 dc01 sh[1704]: > dns_tkey_gssnegotiate: TKEY is unacceptable Jan 11 10:00:36 dc01 > sh[1704]: dns_tkey_gssnegotiate: TKEY is unacceptable Jan 11 10:00:36 > dc01 dhcpd[1704]: execute: /usr/local/bin/dhcp-dyndns.sh exit status > 2816 Jan 11 10:00:36 dc01 dhcpd[1704]: reuse_lease: lease age 364 > (secs) under 25% threshold,...

...10 15:46:23 dc01 sh[1208]: ;3756749263.sig-dc01.corp.<DOMAIN>.com. ANY        TKEY > Jan 10 15:46:23 dc01 sh[1208]: ;; ANSWER SECTION: > Jan 10 15:46:23 dc01 sh[1208]: 3756749263.sig-dc01.corp.<DOMAIN>.com. 0 ANY TKEY gss-tsig. 0 0 3 BADKEY 0  0 > Jan 10 15:46:23 dc01 sh[1208]: dns_tkey_gssnegotiate: TKEY is unacceptable > Jan 10 15:46:23 dc01 sh[1208]: Reply from SOA query: > Jan 10 15:46:23 dc01 sh[1208]: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id:   9273 > Jan 10 15:46:23 dc01 sh[1208]: ;; flags: qr aa ra; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0...

...oing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.samba4p8.example.com. 900 IN SRV 0 100 389 gentoo-dc2.samba4p8.example.com. dns_tkey_gssnegotiate: TKEY is unacceptable Failed nsupdate: 1 Failed update of 26 entries I have following the Wiki for troubleshooting this error and all seems OK: gentoo-dc2 ~ # ktutil -k /var/lib/samba/private/dns.keytab list /var/lib/samba/private/dns.keytab: Vno Type Principal Aliases...

...pd[1704]: execute_statement argv[1] = add Jan 11 10:00:36 dc01 dhcpd[1704]: execute_statement argv[2] = 172.20.10.165 Jan 11 10:00:36 dc01 dhcpd[1704]: execute_statement argv[3] = 1:d4:be:d9:22:9f:7d Jan 11 10:00:36 dc01 dhcpd[1704]: execute_statement argv[4] = mgmt01 Jan 11 10:00:36 dc01 sh[1704]: dns_tkey_gssnegotiate: TKEY is unacceptable Jan 11 10:00:36 dc01 sh[1704]: dns_tkey_gssnegotiate: TKEY is unacceptable Jan 11 10:00:36 dc01 dhcpd[1704]: execute: /usr/local/bin/dhcp-dyndns.sh exit status 2816 Jan 11 10:00:36 dc01 dhcpd[1704]: reuse_lease: lease age 364 (secs) under 25% threshold, reply with unaltered...