
Re: [Samba] Samba 4.7.2 + bind on Fedora 27: samba_dlz: spnego update failed




On Mon, 04 Dec 2017 16:57:15 +0100
Dario Lesca via samba <samba@xxxxxxxxxxxxxxx> wrote:

> On Mon, 04/12/2017 at 16.00 +0100, Dario Lesca via samba wrote:
> > The samba command
> > 
> >     samba_dnsupdate --verbose  --all-names --fail-immediately
> > 
> > does not work
> 
> 
> Following this howto, 
> https://wiki.samba.org/index.php/Dns_tkey_negotiategss:_TKEY_is_unacceptable#Verifying_That_the_BIND_AD_Account_Exists_for_the_DC
> 
> I have tried this:
> 
>     [root@server-addc ~]# LDB_MODULES_PATH=/usr/lib64/samba/ldb/ ldbsearch -H /var/lib/samba/bind-dns/dns/sam.ldb 'cn=dns-DC1' dn
>     # Referral
>     ref: ldap://dogma-to.loc/CN=Configuration,DC=dogma-to,DC=loc
> 
>     # Referral
>     ref: ldap://dogma-to.loc/DC=DomainDnsZones,DC=dogma-to,DC=loc
> 
>     # Referral
>     ref: ldap://dogma-to.loc/DC=ForestDnsZones,DC=dogma-to,DC=loc
> 
>     # returned 3 records
>     # 0 entries
>     # 3 referrals
> 
> This is not the output the howto says I should see.
> 
> It seems the account dns-DC1 does not exist
> 
>     [root@server-addc ~]# samba-tool user list
>     Administrator
>     Guest
>     krbtgt
>     dns-server-addc
>     ospite
> 
> Then I run
> 
>     [root@server-addc ~]# samba_upgradedns --verbose --dns-backend=BIND9_DLZ
>     Reading domain information
>     DNS accounts already exist
>     No zone file /var/lib/samba/bind-dns/dns/DOGMA-TO.LOC.zone
>     DNS records will be automatically created
>     DNS partitions already exist
>     dns-server-addc account already exists
>     Could not remove /var/lib/samba/private/named.conf: No such file or directory
>     Could not remove /var/lib/samba/private/named.conf.update: No such file or directory
>     Could not remove /var/lib/samba/private/named.txt: No such file or directory
>     Could not delete dir /var/lib/samba/private/dns: No such file or directory
>     See /var/lib/samba/bind-dns/named.conf for an example configuration include file for BIND
>     and /var/lib/samba/bind-dns/named.txt for further documentation required for secure DNS updates
>     Finished upgrading DNS
> 
> But I cannot see the "Adding dns-DC1 account" message like the howto says

Follow what it says in the blue box under the ldbsearch output on the
wiki page.

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba