Displaying 20 results from an estimated 40000 matches similar to: "Samba4 AD with bind DNS / TKEY is unacceptable"
2013 Sep 11
2
Samba4 AD with bind DNS / TKEY is unacceptable
Hi,
i try to migrate an existing W2k3 AD to Samba4 with bind.
Everything works fine, but dnsupdate fails with error:
"dns_tkey_negotiategss: TKEY is unaccepteable".
I found a lot of discussions around this topic, but no solution.
Envirenment:
OS: SLES11 SP3 with bind 9.9.3P2
Samba Packages from Servet: sernet-samba-4.0.9-5.suse111
I checked the following Points:
After joining the
2018 May 02
2
samba_dnsupdate --all-names -> dns_tkey_negotiategss: TKEY is unacceptable
Hello,
we have the following problem with a ADDC Sernet 4.7.6-11 on CentOS 7.4.
We have two DCs, replication is working fine. We use bind9 as
dns-backend. When we do a "samba_dnsupdate --all-names" we get the
following messages:
-------------------
[root at dc1 ~]# samba_dnsupdate --all-names
dns_tkey_negotiategss: TKEY is unacceptable
dns_tkey_negotiategss: TKEY is unacceptable
2020 Jul 06
0
dns_tkey_gssnegotiate: TKEY is unacceptable
On 7/3/2020 10:01 AM, Robert E. Wooden via samba wrote:
> On 7/3/2020 9:50 AM, Rowland penny via samba wrote:
>> Originally, Samba used /var/lib/samba/private for the dns.keytab and
>> other dns files. This was then found to be possibly insecure, so it
>> was decided to use /var/lib/samba/bind-dns instead. When you upgrade
>> the Samba packages, the old files are not
2023 Mar 28
0
dns_tkey_gssnegotiate: TKEY is unacceptable
My OS is Ubuntu 20.04, with Samba version 4.15.13. bind is 9.16
I have an existing domain controller (compumaxdc01) and joined another
(compumaxdc03) to act as a secondary/back according to the
instructions on the wiki here
https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory
Both are using bind-dns as the backend, so I've made sure to not use
the dns.keytab in
2020 Jul 03
2
dns_tkey_gssnegotiate: TKEY is unacceptable
On 7/3/2020 9:31 AM, Rowland penny via samba wrote:
> Does 'sudo rm -f /var/lib/samba/private/dns.keytab' give you any hint
> to which is the correct keytab ?
>
> Rowland
>
While waiting for your reply, I began checking my BIND9 setup.
Having used many of Louis' "sed" strings instructions, one those strings
direct "tkey-gssapi-keytab" to use
2014 Feb 12
1
TKEY is unacceptable
Samba 4.1.1 using BIND_DLZ (bind-9.9.1-0.1.P2) on CentOS 6.5 x86_64.
I have two domain controllers, dc-1 and dc-2, which each have three
network interfaces. Selinux is in permissive mode, and iptables is off.
One interface on each dc is to be shut down. So, on dc-1, I do:
# nsupdate -g
update delete europa.icse.cornell.edu A 192.168.3.250
update delete europa.icse.cornell.edu A 192.168.3.251
2013 Sep 06
0
Samba 4 "TKEY is unacceptable" driving me NUTS!
I've installed Samba 4.09 on ubuntu with bind 9.8.1-P1, the former compiled from git source and the latter installed from apt-get. I'm migrating from an existing Windows 2008 SBS domain controller that I want to retire (and be Windows free on the server side), and have followed the instructions on the Samba wiki for setting up Bind and migrating.
When I run a samba_dnsupate -verbose
2020 Jul 03
0
dns_tkey_gssnegotiate: TKEY is unacceptable
On 03/07/2020 15:40, Robert E. Wooden via samba wrote:
> On 7/3/2020 9:31 AM, Rowland penny via samba wrote:
>> Does 'sudo rm -f /var/lib/samba/private/dns.keytab' give you any hint
>> to which is the correct keytab ?
>>
>> Rowland
>>
> While waiting for your reply, I began checking my BIND9 setup.
>
> Having used many of Louis'
2018 May 02
0
samba_dnsupdate --all-names -> dns_tkey_negotiategss: TKEY is unacceptable
On Wed, 2 May 2018 13:54:01 +0200
Stefan Kania via samba <samba at lists.samba.org> wrote:
> Hello,
> we have the following problem with a ADDC Sernet 4.7.6-11 on CentOS
> 7.4. We have two DCs, replication is working fine. We use bind9 as
> dns-backend. When we do a "samba_dnsupdate --all-names" we get the
> following messages:
> -------------------
> [root at
2018 Mar 15
0
DNS Updates fail with dns_tkey_gssnegotiate: TKEY is unacceptable
Hi,
I have a test system with two DCs based on samba v 4.8.0 with BIND9_DLZ as the
dns backend running on a fresh install of Gentoo. I can't get DNS Updates to
work on both DCs. If I issue the command: samba_dnsupdate --verbose after the
2nd DC has joined the domain I get the errors (just showing the last entry):
update(nsupdate): SRV
2011 Jun 21
1
tkey-gssapi-credential and bind (Samba4)
So I am in step 10 of the samba4 howto
(https://wiki.samba.org/index.php/Samba4/HOWTO#Step_10_Configure_kerberos_DNS_dynamic_updates);
my bind9 is 9.7.3 which seems to be current enough for this. In it we
are to add
tkey-gssapi-credential "DNS/samdom.example.com";
tkey-domain "SAMDOM.EXAMPLE.COM";
to /etc/bind/named.conf.options. Since my test domain is
test.domain.com,
2015 Aug 06
0
2nd DC, internal DNS: dns_tkey_negotiategss: TKEY is unacceptable
is the time in sync on your servers ?
>-----Oorspronkelijk bericht-----
>Van: samba [mailto:samba-bounces at lists.samba.org] Namens Roel van Meer
>Verzonden: donderdag 6 augustus 2015 9:28
>Aan: samba at lists.samba.org
>Onderwerp: Re: [Samba] 2nd DC, internal DNS:
>dns_tkey_negotiategss: TKEY is unacceptable
>
>L.P.H. van Belle writes:
>
>> check the rights
2015 Aug 06
0
2nd DC, internal DNS: dns_tkey_negotiategss: TKEY is unacceptable
check the rights on :
/var/lib/samba/private/dns.keytab 640 root:bind
/var/lib/samba/private/dns 750 root:bind
/var/lib/samba/private/sam.ldb.d 750 root:bind
Greetz,
Louis
>-----Oorspronkelijk bericht-----
>Van: samba [mailto:samba-bounces at lists.samba.org] Namens Roel van Meer
>Verzonden: donderdag 6 augustus 2015 8:55
>Aan: samba at lists.samba.org
>Onderwerp: [Samba] 2nd
2019 Feb 26
1
AD-DC Bind: TKEY is unacceptable
I'm having trouble with nsupdates. I'm getting TKEY is unacceptable.
I'm using Fedora 29, with its packages:
[root at dc2 kwhite]# rpm -qa | grep samba
samba-4.9.4-1.fc29.x86_64
samba-dc-bind-dlz-4.9.4-1.fc29.x86_64
samba-common-4.9.4-1.fc29.noarch
samba-libs-4.9.4-1.fc29.x86_64
samba-dc-libs-4.9.4-1.fc29.x86_64
samba-winbind-4.9.4-1.fc29.x86_64
samba-common-libs-4.9.4-1.fc29.x86_64
2012 Dec 09
1
Fwd: samba_dnsupdate principal and TKEY unacceptable
Hi,
I am trying to run samba with bind_dlz (bind-9.9.1 - P1) on a multi-homed
network. I have configured the setup as per Samba4 Howto.
But when I try to do "samba_dnsupdate --all-names" it fails with error:
dns_tkey_negotiategss: TKEY is unacceptable
The kerberos ticket being used by samba_dnsupdate shows follwoing
principals:
klist -c /tmp/tmp6cxfgY
Ticket cache: FILE:/tmp/tmp6cxfgY
2015 Aug 06
0
2nd DC, internal DNS: dns_tkey_negotiategss: TKEY is unacceptable - SOLVED
On 06/08/15 09:08, Roel van Meer wrote:
> L.P.H. van Belle writes:
>
>> is the time in sync on your servers ?
>
> Yes it is.
>
> I managed to make it work by specifying the primary DC as nameserver
> in /etc/resolv.conf of the secondary DC. As soon as I do that,
> samba_dnsupdate works on the secondary. When I change it back to use
> the local Samba as resolver,
2020 Jul 03
0
dns_tkey_gssnegotiate: TKEY is unacceptable
On 03/07/2020 14:39, Robert E. Wooden via samba wrote:
> As the subject says, dns_tkey_gssnegotiate: TKEY is unacceptable.
>
> I have internet searched for solutions.
>
> I have done everything on
> /wiki.samba.org/index.php/Dns_tkey_negotiategss:_TKEY_is_unacceptable/
> and I am still getting:
>
> At the end of "root at dc01:~# samba_dnsupdate --verbose
2020 Jul 03
2
dns_tkey_gssnegotiate: TKEY is unacceptable
As the subject says, dns_tkey_gssnegotiate: TKEY is unacceptable.
I have internet searched for solutions.
I have done everything on
/wiki.samba.org/index.php/Dns_tkey_negotiategss:_TKEY_is_unacceptable/
and I am still getting:
At the end of "root at dc01:~# samba_dnsupdate --verbose --all-names":
dns_tkey_gssnegotiate: TKEY is unacceptable
Failed nsupdate: 1
Failed update of 29
2016 May 23
0
DC2: TKEY is unacceptable, Failed DNS update?
Hi,
Are you using Samba's internal DNS or Bind?
If you are using Bind9_DLZ as dns-backend it should be a right issue on
files used by Bind itself (ie private/dns.keytab, private/named.conf,
private/dns or private/dns/* and of course private itself).
If you are running internal DNS as backend, you can change that parameter
into smb.conf:
from: allow dns updates = secure only (default, not
2012 Sep 29
1
Samba4 LDAP returns wrong responses in some cases, BIND-DLZ refuses to update
Hello.
We have a couple of questions regarding Samba 4.1.0pre1-GIT-aad669b running on Gentoo GNU/Linux
1) Is MS 1.2.840.113556.1.4.1941 operator support implemented (planned to be implemented) in Samba 4 internal LDAP server? Please compare:
$ ldapsearch -h 192.168.1.32 -x -D 'CN=someadminuser,OU=Administrators,DC=klin,DC=kifato-mk,DC=com' -b