similar to: samba_dnsupdate --all-names -> dns_tkey_negotiategss: TKEY is unacceptable

On Wed, 2 May 2018 13:54:01 +0200 Stefan Kania via samba <samba at lists.samba.org> wrote: > Hello, > we have the following problem with a ADDC Sernet 4.7.6-11 on CentOS > 7.4. We have two DCs, replication is working fine. We use bind9 as > dns-backend. When we do a "samba_dnsupdate --all-names" we get the > following messages: > ------------------- > [root at

L.P.H. van Belle writes: > is the time in sync on your servers ? Yes it is. I managed to make it work by specifying the primary DC as nameserver in /etc/resolv.conf of the secondary DC. As soon as I do that, samba_dnsupdate works on the secondary. When I change it back to use the local Samba as resolver, it no longer works. So it is a DNS issue (possibly related to replication

L.P.H. van Belle writes: > check the rights on : > /var/lib/samba/private/dns.keytab 640 root:bind > /var/lib/samba/private/dns 750 root:bind > /var/lib/samba/private/sam.ldb.d 750 root:bind I'm using the internal DNS on both DC's, so I guess bind access rights aren't the issue. Thanks for your answer though :) Regards, Roel > >-----Oorspronkelijk

I found another reason for this error: dns_tkey_negotiategss: TKEY is unacceptable After much head scratching it was due to the Apparmour configuration recommended in the WiKi at: https://wiki.samba.org/index.php/BIND9_DLZ_AppArmor_and_SELinux_Integration The section for Apparmor which recommends adding lines to /etc/apparmor.d/local/usr.sbin.named, I had to change the line: from:

Hi everyone, I'm testing with a Samba4 AD network, and I have some problems with DNS on the second DC, with which I could use a bit of your help. I have an AD with two DC's, both Samba 4.2.3. On the first DC, samba_dnsupdate works fine. With stock 4.2.3 I get the error "TSIG error with server: tsig verify failure" but the DNS updates succeed anyway, and after applying

Hello! I've got this error dns_tkey_negotiategss: TKEY is unacceptable when running samba_dnsupdate --verbose With this error dynamic entries stopped working as Type A machines that entered in the field or entry to a new DC. Already tried the step described here https://wiki.samba.org/index.php/Dns_tkey_negotiategss:_TKEY_is_unacceptable But when trying to delete the account used the

Hello I tried on two vms on my vmware Workstation to use samba as DC. I want use BIND for dns system. To join the Domain had worked successfully after I recompiled the bind. It seems the zone are the same but Samba isn't in the ns-record. If I run dcpromo.exe I get this error message: This Active Directory DC is the last dns-server for the AD-zones. If I remove the DC the dns-names

Many (many) hours later, I'm finally throwing in the towel and seeking help. I have read everything I can find on the internet to no avail to get past my issues. I have to say, I'm very disappointed in the general quality and fragmentation of information on this topic. Samba isn't a turn-key solution as an AD by any stretch of the imagination. I've run the gamut so far with

As the subject says, dns_tkey_gssnegotiate: TKEY is unacceptable. I have internet searched for solutions. I have done everything on /wiki.samba.org/index.php/Dns_tkey_negotiategss:_TKEY_is_unacceptable/ and I am still getting: At the end of "root at dc01:~# samba_dnsupdate --verbose --all-names": dns_tkey_gssnegotiate: TKEY is unacceptable Failed nsupdate: 1 Failed update of 29

is the time in sync on your servers ? >-----Oorspronkelijk bericht----- >Van: samba [mailto:samba-bounces at lists.samba.org] Namens Roel van Meer >Verzonden: donderdag 6 augustus 2015 9:28 >Aan: samba at lists.samba.org >Onderwerp: Re: [Samba] 2nd DC, internal DNS: >dns_tkey_negotiategss: TKEY is unacceptable > >L.P.H. van Belle writes: > >> check the rights

On 06/08/15 09:08, Roel van Meer wrote: > L.P.H. van Belle writes: > >> is the time in sync on your servers ? > > Yes it is. > > I managed to make it work by specifying the primary DC as nameserver > in /etc/resolv.conf of the secondary DC. As soon as I do that, > samba_dnsupdate works on the secondary. When I change it back to use > the local Samba as resolver,

On 11/19/2015 9:44 AM, Thierry Hotelier wrote: > hello, > we've just upgraded from samba 3.6.6 to samba 4.3.0. We are using > INTERNAL as dns backend. We have 1 domain and 6 DCs on 5 different > sites. Replication between DCs is ok as we can see with "samba-tool > drs showrepl". We configured them like it is described on the wiki and > used the RSAT tool

check the rights on : /var/lib/samba/private/dns.keytab 640 root:bind /var/lib/samba/private/dns 750 root:bind /var/lib/samba/private/sam.ldb.d 750 root:bind Greetz, Louis >-----Oorspronkelijk bericht----- >Van: samba [mailto:samba-bounces at lists.samba.org] Namens Roel van Meer >Verzonden: donderdag 6 augustus 2015 8:55 >Aan: samba at lists.samba.org >Onderwerp: [Samba] 2nd

It's me again :-) Now we have DDNS with DHCP running but we have a problem on one of our two DCs. Btw we used the setup and the script from wiki. Doing a "dhclient" on a host we are getting the following messages: ------------- Mai 16 12:13:28 samba41 dhcpd[3961]: Commit: IP: 192.168.0.249 DHCID: 1:50:5b:5d:1c:ab:aa Name: horst Mai 16 12:13:28 samba41 dhcpd[3961]: execute_statement

Hi, I am trying to run samba with bind_dlz (bind-9.9.1 - P1) on a multi-homed network. I have configured the setup as per Samba4 Howto. But when I try to do "samba_dnsupdate --all-names" it fails with error: dns_tkey_negotiategss: TKEY is unacceptable The kerberos ticket being used by samba_dnsupdate shows follwoing principals: klist -c /tmp/tmp6cxfgY Ticket cache: FILE:/tmp/tmp6cxfgY

I have installed samba from source (I've tried both V4-0-stable and v4-1-stable) using BIND9_DLZ on Ubuntu server 13.04 and I'm unable to get samba_dnsupdate to function. # samba_dnsupdate --all-names --fail-immediately will return dns_tkey_negotiategss: TKEY is unacceptable If I then try nsupdate directly: nsupdate -g /tmp/tmpEk4_WK I also get: dns_tkey_negotiategss: TKEY is

On 2015-08-06 18:55, Roel van Meer wrote: > Hi everyone, > > I'm testing with a Samba4 AD network, and I have some problems with > DNS on the second DC, with which I could use a bit of your help. > > I have an AD with two DC's, both Samba 4.2.3. On the first DC, > samba_dnsupdate works fine. With stock 4.2.3 I get the error > > "TSIG error with

On 30/12/15 18:19, Carlos A. P. Cunha wrote: > Hello! > I've got this error > dns_tkey_negotiategss: TKEY is unacceptable > > when running samba_dnsupdate --verbose > > With this error dynamic entries stopped working as Type A machines > that entered in the field or entry to a new DC. > > Already tried the step described here > >

On 30/12/15 18:19, Carlos A. P. Cunha wrote: > Hello! > I've got this error > dns_tkey_negotiategss: TKEY is unacceptable > > when running samba_dnsupdate --verbose > > With this error dynamic entries stopped working as Type A machines > that entered in the field or entry to a new DC. > > Already tried the step described here > >

2 Small questions here. Pointing to itself with nameserver 127.0.0.1 or nameserver real_ip_of_DC Samba Internal DNS or Samba+Bind9_DLZ ? Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Peter Serbe via samba > Verzonden: woensdag 7 maart 2018 13:42 > Aan: samba at lists.samba.org > Onderwerp: [Samba]