similar to: DC2: TKEY is unacceptable, Failed DNS update?

I installed two virtual machines with Samba as domain controllers for the same domain. I was struggling with network and DNS configuration initially, maybe my problem is related. DC1 starts up ok, the last line of the log reads STATUS=daemon 'samba' finished starting up and ready to serve connections DC2 starts with plenty of lines [2016/05/15 22:00:32.744910, 0]

Hi Mathias, thanks for the hint. My interpretation so far was that complex involves managing any data in addition to what the AD is supposed to manage anyway. Anyway, I tried to follow your advice, but not to success so far. On Ubuntu 16.04, bind is running under the user bind instead of root, and app armor is active. I figured out how to change both and bind starts successfully and answers

Hi Mathias, Once more: Thanks for your support and guidance! Actually I reconfigured only the first DC initially, assuming that the second join asks me as does the initial one - wrong assumption. My take is the tools could be improved, e.g. : join of DC2 adds DNS record of DC2 to DC1 and verifies it is replicated before claiming success... looking in all the tools and logs for errors is tedious at

Hi, Are you using Samba's internal DNS or Bind? If you are using Bind9_DLZ as dns-backend it should be a right issue on files used by Bind itself (ie private/dns.keytab, private/named.conf, private/dns or private/dns/* and of course private itself). If you are running internal DNS as backend, you can change that parameter into smb.conf: from: allow dns updates = secure only (default, not

So you have 2 DC using BIND9_DLZ as dns backend, they both answer DNS from clients. Am I right? If yes, how are configured your client DNS resolvers? Resolver on clients should be aiming one of your DC (or the two of them in case of DC downtime). NOTE: "should" only because you could make clients using your company DNS servers as resolvers if these DNS servers knows how to forward

On Thu, 2016-05-26 at 17:32 +0200, Jo wrote: > Hi Marc, > I appreciate that you reply, but I got it resolved by following the > advice of Mathias. I was aware of the links below, however the first > is about using the BIND9_DLZ backend, and at the time I experienced > the issue I was using the internal one. > Marc & Mathias, > The 2nd link that Marc references is about a

Ok, with the smb.conf change and then samba_dnsupdate --rpc-server-ip=192.168.177.19 --use-samba-tool --verbose I got no error messages. Shall I now revert the change? Monitor? At present samba_dnsupdate has nothing to do.. Thanks, Joachim -----Urspr?ngliche Nachricht----- Von: samba <samba-bounces at lists.samba.org> Im Auftrag von Rowland penny via samba Gesendet: Monday, 12 August

On Wed, 2 May 2018 13:54:01 +0200 Stefan Kania via samba <samba at lists.samba.org> wrote: > Hello, > we have the following problem with a ADDC Sernet 4.7.6-11 on CentOS > 7.4. We have two DCs, replication is working fine. We use bind9 as > dns-backend. When we do a "samba_dnsupdate --all-names" we get the > following messages: > ------------------- > [root at

is the time in sync on your servers ? >-----Oorspronkelijk bericht----- >Van: samba [mailto:samba-bounces at lists.samba.org] Namens Roel van Meer >Verzonden: donderdag 6 augustus 2015 9:28 >Aan: samba at lists.samba.org >Onderwerp: Re: [Samba] 2nd DC, internal DNS: >dns_tkey_negotiategss: TKEY is unacceptable > >L.P.H. van Belle writes: > >> check the rights

Hello, we have the following problem with a ADDC Sernet 4.7.6-11 on CentOS 7.4. We have two DCs, replication is working fine. We use bind9 as dns-backend. When we do a "samba_dnsupdate --all-names" we get the following messages: ------------------- [root at dc1 ~]# samba_dnsupdate --all-names dns_tkey_negotiategss: TKEY is unacceptable dns_tkey_negotiategss: TKEY is unacceptable

check the rights on : /var/lib/samba/private/dns.keytab 640 root:bind /var/lib/samba/private/dns 750 root:bind /var/lib/samba/private/sam.ldb.d 750 root:bind Greetz, Louis >-----Oorspronkelijk bericht----- >Van: samba [mailto:samba-bounces at lists.samba.org] Namens Roel van Meer >Verzonden: donderdag 6 augustus 2015 8:55 >Aan: samba at lists.samba.org >Onderwerp: [Samba] 2nd

On 2015-08-06 18:55, Roel van Meer wrote: > Hi everyone, > > I'm testing with a Samba4 AD network, and I have some problems with > DNS on the second DC, with which I could use a bit of your help. > > I have an AD with two DC's, both Samba 4.2.3. On the first DC, > samba_dnsupdate works fine. With stock 4.2.3 I get the error > > "TSIG error with

On 06/08/15 09:08, Roel van Meer wrote: > L.P.H. van Belle writes: > >> is the time in sync on your servers ? > > Yes it is. > > I managed to make it work by specifying the primary DC as nameserver > in /etc/resolv.conf of the secondary DC. As soon as I do that, > samba_dnsupdate works on the secondary. When I change it back to use > the local Samba as resolver,

L.P.H. van Belle writes: > check the rights on : > /var/lib/samba/private/dns.keytab 640 root:bind > /var/lib/samba/private/dns 750 root:bind > /var/lib/samba/private/sam.ldb.d 750 root:bind I'm using the internal DNS on both DC's, so I guess bind access rights aren't the issue. Thanks for your answer though :) Regards, Roel > >-----Oorspronkelijk

L.P.H. van Belle writes: > is the time in sync on your servers ? Yes it is. I managed to make it work by specifying the primary DC as nameserver in /etc/resolv.conf of the secondary DC. As soon as I do that, samba_dnsupdate works on the secondary. When I change it back to use the local Samba as resolver, it no longer works. So it is a DNS issue (possibly related to replication

Dear all, after succesfull joining my new samba 4 DC to the domain. There is an error on using, samba_dnsupdate --verbose --all-names On the new joined dc: dns_tkey_negotiategss: TKEY is unacceptable Failed nsupdate: 1 How can I fix it!? Dnsupdate on the Master is running well. [root at s4slave etc]# samba_dnsupdate --verbose --all-names IPs: ['192.168.135.253'] Skipping PDC entry (SRV

To regenerate dns.keytab I expect you only need to relaunch samba_upgradedns --dns-backend=BIND9_DLZ. If I'm wrong (it happens quiet often) you would have to first launch: samba_upgradedns --dns-backend=SAMBA_INTERNAL and then samba_upgradedns --dns-backend=BIND9_DLZ Here you should have a dns.keytab. Now, right issues: dns related files in samba/private must be accessible to the UNIX user

Hi everyone, I'm testing with a Samba4 AD network, and I have some problems with DNS on the second DC, with which I could use a bit of your help. I have an AD with two DC's, both Samba 4.2.3. On the first DC, samba_dnsupdate works fine. With stock 4.2.3 I get the error "TSIG error with server: tsig verify failure" but the DNS updates succeed anyway, and after applying

On 30/12/15 18:19, Carlos A. P. Cunha wrote: > Hello! > I've got this error > dns_tkey_negotiategss: TKEY is unacceptable > > when running samba_dnsupdate --verbose > > With this error dynamic entries stopped working as Type A machines > that entered in the field or entry to a new DC. > > Already tried the step described here > >

On 30/12/15 18:19, Carlos A. P. Cunha wrote: > Hello! > I've got this error > dns_tkey_negotiategss: TKEY is unacceptable > > when running samba_dnsupdate --verbose > > With this error dynamic entries stopped working as Type A machines > that entered in the field or entry to a new DC. > > Already tried the step described here > >