Displaying 20 results from an estimated 700 matches similar to: "dns_tkey_gssnegotiate: TKEY is unacceptable"
2019 Aug 12
1
dns_tkey_gssnegotiate: TKEY is unacceptable
Ok, with the smb.conf change and then
samba_dnsupdate --rpc-server-ip=192.168.177.19 --use-samba-tool --verbose
I got no error messages.
Shall I now revert the change? Monitor? At present samba_dnsupdate has nothing to do..
Thanks, Joachim
-----Urspr?ngliche Nachricht-----
Von: samba <samba-bounces at lists.samba.org> Im Auftrag von Rowland penny via samba
Gesendet: Monday, 12 August
2020 Jul 03
0
dns_tkey_gssnegotiate: TKEY is unacceptable
On 03/07/2020 14:39, Robert E. Wooden via samba wrote:
> As the subject says, dns_tkey_gssnegotiate: TKEY is unacceptable.
>
> I have internet searched for solutions.
>
> I have done everything on
> /wiki.samba.org/index.php/Dns_tkey_negotiategss:_TKEY_is_unacceptable/
> and I am still getting:
>
> At the end of "root at dc01:~# samba_dnsupdate --verbose
2020 Jul 03
2
dns_tkey_gssnegotiate: TKEY is unacceptable
On 7/3/2020 9:15 AM, Rowland penny via samba wrote:
> No, might as well tell you now, it's relevant. Samba moved the keytab
> to the 'bind-dns' directory sometime ago, so you should be using the
> keytab in the bind-dns directory, which will mean altering the
> named.conf files if you are using Bind9
Yes, I saw that during setup. I had to "think thru"
2020 Jul 03
0
dns_tkey_gssnegotiate: TKEY is unacceptable
On 03/07/2020 15:24, Robert E. Wooden via samba wrote:
> On 7/3/2020 9:15 AM, Rowland penny via samba wrote:
>> No, might as well tell you now, it's relevant. Samba moved the keytab
>> to the 'bind-dns' directory sometime ago, so you should be using the
>> keytab in the bind-dns directory, which will mean altering the
>> named.conf files if you are using
2020 Jul 03
2
dns_tkey_gssnegotiate: TKEY is unacceptable
On 7/3/2020 9:31 AM, Rowland penny via samba wrote:
> Does 'sudo rm -f /var/lib/samba/private/dns.keytab' give you any hint
> to which is the correct keytab ?
>
> Rowland
>
While waiting for your reply, I began checking my BIND9 setup.
Having used many of Louis' "sed" strings instructions, one those strings
direct "tkey-gssapi-keytab" to use
2020 Jul 03
0
dns_tkey_gssnegotiate: TKEY is unacceptable
On 03/07/2020 15:40, Robert E. Wooden via samba wrote:
> On 7/3/2020 9:31 AM, Rowland penny via samba wrote:
>> Does 'sudo rm -f /var/lib/samba/private/dns.keytab' give you any hint
>> to which is the correct keytab ?
>>
>> Rowland
>>
> While waiting for your reply, I began checking my BIND9 setup.
>
> Having used many of Louis'
2020 Jul 03
2
dns_tkey_gssnegotiate: TKEY is unacceptable
As the subject says, dns_tkey_gssnegotiate: TKEY is unacceptable.
I have internet searched for solutions.
I have done everything on
/wiki.samba.org/index.php/Dns_tkey_negotiategss:_TKEY_is_unacceptable/
and I am still getting:
At the end of "root at dc01:~# samba_dnsupdate --verbose --all-names":
dns_tkey_gssnegotiate: TKEY is unacceptable
Failed nsupdate: 1
Failed update of 29
2020 Jul 03
3
dns_tkey_gssnegotiate: TKEY is unacceptable
On 7/3/2020 8:58 AM, Rowland penny via samba wrote:
> Please do not use '127.0.0.1' as a nameserver, use the DC's ipaddress
> instead.
I have corrected this as you have suggested.
>
> You might be looking at the wrong keytab, do you have:
>
> /var/lib/samba/bind-dns/dns.keytab
>
> Rowland
>
Yes, I do (why two dns.keytab . . . a question for later) have
2020 Jul 06
2
dns_tkey_gssnegotiate: TKEY is unacceptable
On 06/07/2020 16:05, Robert E. Wooden via samba wrote:
>
> Why has one installation not created a ".../bind-dns/dns.keytab" file
> and yet the other has?
>
> I followed the same "steps" during installation on both.
>
I am coming to the conclusion that if you upgrade from one major Samba
version to another, then upgrading in place isn't really a good
2019 Jan 07
2
dns_tkey_gssnegotiate: TKEY is unacceptable
Call me dense, but now I am more confused. I have tried with and without quotes ... all over the place (i.e. in the smb.config and on the command line) and everything still results in errors, although not always exactly the same. Messing with the command line results in things like this:
ERROR(runtime): uncaught exception - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
File
2019 Jan 07
1
dns_tkey_gssnegotiate: TKEY is unacceptable
Okay, because you are not wrong ...
One more time before I move forward with this.
The smb.conf is now:
# Global parameters
[global]
bind interfaces only = Yes
interfaces = lo eno1
netbios name = DC01
realm = CORP.<DOMAIN>.COM
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
2020 Jul 06
0
dns_tkey_gssnegotiate: TKEY is unacceptable
On 7/3/2020 10:01 AM, Robert E. Wooden via samba wrote:
> On 7/3/2020 9:50 AM, Rowland penny via samba wrote:
>> Originally, Samba used /var/lib/samba/private for the dns.keytab and
>> other dns files. This was then found to be possibly insecure, so it
>> was decided to use /var/lib/samba/bind-dns instead. When you upgrade
>> the Samba packages, the old files are not
2020 Jul 03
2
dns_tkey_gssnegotiate: TKEY is unacceptable
On 7/3/2020 9:50 AM, Rowland penny via samba wrote:
> I thought I explained that, but lets try again ;-)
>
> Originally, Samba used /var/lib/samba/private for the dns.keytab and
> other dns files. This was then found to be possibly insecure, so it
> was decided to use /var/lib/samba/bind-dns instead. When you upgrade
> the Samba packages, the old files are not removed, but the
2018 Mar 15
0
DNS Updates fail with dns_tkey_gssnegotiate: TKEY is unacceptable
Hi,
I have a test system with two DCs based on samba v 4.8.0 with BIND9_DLZ as the
dns backend running on a fresh install of Gentoo. I can't get DNS Updates to
work on both DCs. If I issue the command: samba_dnsupdate --verbose after the
2nd DC has joined the domain I get the errors (just showing the last entry):
update(nsupdate): SRV
2019 Aug 12
0
dns_tkey_gssnegotiate: TKEY is unacceptable
On 12/08/2019 20:19, Joachim Lindenberg wrote:
> Hi Rowland,
> did read, actually cited the page it myself, but didn?t help me to identify the cause.
> Kerberos credentials exists, dns users exists, file permission are correct. So either that is insufficient or I am blind..
> Regards, Joachim
>
> -----Urspr?ngliche Nachricht-----
> Von: samba <samba-bounces at
2019 Jan 07
4
dns_tkey_gssnegotiate: TKEY is unacceptable
I have installed and configured a Samba version 4.9.4 first in forest AD DC on a clean, updated installation of Ubuntu 18.04 running BIND 9.11.3-1ubuntu1.3-Ubuntu ... built by make with ... '--with-gssapi=/usr' ... '--sysconfdir=/etc' ... '--sysconfdir=/etc/bind' ....
I am following the Samba Wiki for guidiance.
The installation proceeded without error in all tests until I
2018 Jun 30
3
BIND9_DLZ: TKEY is unacceptable - depending on the name server
Dear Samba experts,
Since a couple of days I am trying to fix my domain.
I have each two ADDCs on raspis on two sites. One is running on Raspian and works fine. The other three are on Gentoo and something is broken there.
When I point the name resolution in resolv.conf to the Raspian machine the dynamic updates are just working fine:
# horus /srv/samba/demoshare # samba_dnsupdate --verbose
2019 Aug 12
3
dns_tkey_gssnegotiate: TKEY is unacceptable
I installed a third DC today. Replication works find, but as systemctl status samba-ad-dc showed an error w.r.t. dnsupdate I was running samba_dnsupdate ?verbose.
Below is the output. It looks like there are some missing DNS records, but what are potential causes of this error: dns_tkey_gssnegotiate: TKEY is unacceptable
I already checked what?s listed @
2019 Feb 26
1
AD-DC Bind: TKEY is unacceptable
I'm having trouble with nsupdates. I'm getting TKEY is unacceptable.
I'm using Fedora 29, with its packages:
[root at dc2 kwhite]# rpm -qa | grep samba
samba-4.9.4-1.fc29.x86_64
samba-dc-bind-dlz-4.9.4-1.fc29.x86_64
samba-common-4.9.4-1.fc29.noarch
samba-libs-4.9.4-1.fc29.x86_64
samba-dc-libs-4.9.4-1.fc29.x86_64
samba-winbind-4.9.4-1.fc29.x86_64
samba-common-libs-4.9.4-1.fc29.x86_64
2014 Aug 19
0
Samba4 AD with bind DNS / TKEY is unacceptable
Solved that by chowing the file used on /etc/bind/named.conf.options >>
tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
chown bind.root /var/lib/samba/private/dns.keytab
I am using debian.