similar to: dns_tkey_gssnegotiate: TKEY is unacceptable

Ok, with the smb.conf change and then samba_dnsupdate --rpc-server-ip=192.168.177.19 --use-samba-tool --verbose I got no error messages. Shall I now revert the change? Monitor? At present samba_dnsupdate has nothing to do.. Thanks, Joachim -----Urspr?ngliche Nachricht----- Von: samba <samba-bounces at lists.samba.org> Im Auftrag von Rowland penny via samba Gesendet: Monday, 12 August

On 03/07/2020 14:39, Robert E. Wooden via samba wrote: > As the subject says, dns_tkey_gssnegotiate: TKEY is unacceptable. > > I have internet searched for solutions. > > I have done everything on > /wiki.samba.org/index.php/Dns_tkey_negotiategss:_TKEY_is_unacceptable/ > and I am still getting: > > At the end of "root at dc01:~# samba_dnsupdate --verbose

On 7/3/2020 9:15 AM, Rowland penny via samba wrote: > No, might as well tell you now, it's relevant. Samba moved the keytab > to the 'bind-dns' directory sometime ago, so you should be using the > keytab in the bind-dns directory, which will mean altering the > named.conf files if you are using Bind9 Yes, I saw that during setup. I had to "think thru"

On 03/07/2020 15:24, Robert E. Wooden via samba wrote: > On 7/3/2020 9:15 AM, Rowland penny via samba wrote: >> No, might as well tell you now, it's relevant. Samba moved the keytab >> to the 'bind-dns' directory sometime ago, so you should be using the >> keytab in the bind-dns directory, which will mean altering the >> named.conf files if you are using

On 7/3/2020 9:31 AM, Rowland penny via samba wrote: > Does 'sudo rm -f /var/lib/samba/private/dns.keytab' give you any hint > to which is the correct keytab ? > > Rowland > While waiting for your reply, I began checking my BIND9 setup. Having used many of Louis' "sed" strings instructions, one those strings direct "tkey-gssapi-keytab" to use

On 03/07/2020 15:40, Robert E. Wooden via samba wrote: > On 7/3/2020 9:31 AM, Rowland penny via samba wrote: >> Does 'sudo rm -f /var/lib/samba/private/dns.keytab' give you any hint >> to which is the correct keytab ? >> >> Rowland >> > While waiting for your reply, I began checking my BIND9 setup. > > Having used many of Louis'

As the subject says, dns_tkey_gssnegotiate: TKEY is unacceptable. I have internet searched for solutions. I have done everything on /wiki.samba.org/index.php/Dns_tkey_negotiategss:_TKEY_is_unacceptable/ and I am still getting: At the end of "root at dc01:~# samba_dnsupdate --verbose --all-names": dns_tkey_gssnegotiate: TKEY is unacceptable Failed nsupdate: 1 Failed update of 29

On 7/3/2020 8:58 AM, Rowland penny via samba wrote: > Please do not use '127.0.0.1' as a nameserver, use the DC's ipaddress > instead. I have corrected this as you have suggested. > > You might be looking at the wrong keytab, do you have: > > /var/lib/samba/bind-dns/dns.keytab > > Rowland > Yes, I do (why two dns.keytab . . . a question for later) have

On 06/07/2020 16:05, Robert E. Wooden via samba wrote: > > Why has one installation not created a ".../bind-dns/dns.keytab" file > and yet the other has? > > I followed the same "steps" during installation on both. > I am coming to the conclusion that if you upgrade from one major Samba version to another, then upgrading in place isn't really a good

Call me dense, but now I am more confused. I have tried with and without quotes ... all over the place (i.e. in the smb.config and on the command line) and everything still results in errors, although not always exactly the same. Messing with the command line results in things like this: ERROR(runtime): uncaught exception - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')   File

Okay, because you are not wrong ... One more time before I move forward with this. The smb.conf is now: # Global parameters [global]         bind interfaces only = Yes         interfaces = lo eno1         netbios name = DC01         realm = CORP.<DOMAIN>.COM         server role = active directory domain controller         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,

On 7/3/2020 10:01 AM, Robert E. Wooden via samba wrote: > On 7/3/2020 9:50 AM, Rowland penny via samba wrote: >> Originally, Samba used /var/lib/samba/private for the dns.keytab and >> other dns files. This was then found to be possibly insecure, so it >> was decided to use /var/lib/samba/bind-dns instead. When you upgrade >> the Samba packages, the old files are not

On 7/3/2020 9:50 AM, Rowland penny via samba wrote: > I thought I explained that, but lets try again ;-) > > Originally, Samba used /var/lib/samba/private for the dns.keytab and > other dns files. This was then found to be possibly insecure, so it > was decided to use /var/lib/samba/bind-dns instead. When you upgrade > the Samba packages, the old files are not removed, but the

Hi, I have a test system with two DCs based on samba v 4.8.0 with BIND9_DLZ as the dns backend running on a fresh install of Gentoo. I can't get DNS Updates to work on both DCs. If I issue the command: samba_dnsupdate --verbose after the 2nd DC has joined the domain I get the errors (just showing the last entry): update(nsupdate): SRV

On 12/08/2019 20:19, Joachim Lindenberg wrote: > Hi Rowland, > did read, actually cited the page it myself, but didn?t help me to identify the cause. > Kerberos credentials exists, dns users exists, file permission are correct. So either that is insufficient or I am blind.. > Regards, Joachim > > -----Urspr?ngliche Nachricht----- > Von: samba <samba-bounces at

I have installed and configured a Samba version 4.9.4 first in forest AD DC on a clean, updated installation of Ubuntu 18.04 running BIND 9.11.3-1ubuntu1.3-Ubuntu ... built by make with ... '--with-gssapi=/usr' ...  '--sysconfdir=/etc' ... '--sysconfdir=/etc/bind' .... I am following the Samba Wiki for guidiance. The installation proceeded without error in all tests until I

Dear Samba experts, Since a couple of days I am trying to fix my domain. I have each two ADDCs on raspis on two sites. One is running on Raspian and works fine. The other three are on Gentoo and something is broken there. When I point the name resolution in resolv.conf to the Raspian machine the dynamic updates are just working fine: # horus /srv/samba/demoshare # samba_dnsupdate --verbose

I installed a third DC today. Replication works find, but as systemctl status samba-ad-dc showed an error w.r.t. dnsupdate I was running samba_dnsupdate ?verbose. Below is the output. It looks like there are some missing DNS records, but what are potential causes of this error: dns_tkey_gssnegotiate: TKEY is unacceptable I already checked what?s listed @

I'm having trouble with nsupdates.  I'm getting TKEY is unacceptable. I'm using Fedora 29, with its packages: [root at dc2 kwhite]# rpm -qa | grep samba samba-4.9.4-1.fc29.x86_64 samba-dc-bind-dlz-4.9.4-1.fc29.x86_64 samba-common-4.9.4-1.fc29.noarch samba-libs-4.9.4-1.fc29.x86_64 samba-dc-libs-4.9.4-1.fc29.x86_64 samba-winbind-4.9.4-1.fc29.x86_64 samba-common-libs-4.9.4-1.fc29.x86_64

Solved that by chowing the file used on /etc/bind/named.conf.options >> tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab"; chown bind.root /var/lib/samba/private/dns.keytab I am using debian.