
Re: [Samba] Samba 4.7.2 + bind on Fedora 27: samba_dlz: spnego update failed






On 04.12.2017 at 17:19, Rowland Penny via samba wrote:
On Mon, 04 Dec 2017 16:57:15 +0100
Dario Lesca via samba <samba@xxxxxxxxxxxxxxx> wrote:

On Mon, 04/12/2017 at 16.00 +0100, Dario Lesca via samba wrote:
The samba command

     samba_dnsupdate --verbose  --all-names --fail-immediately

does not work

Following this howto,
https://wiki.samba.org/index.php/Dns_tkey_negotiategss:_TKEY_is_unacceptable#Verifying_That_the_BIND_AD_Account_Exists_for_the_DC

I have tried this:

     [root@server-addc ~]# LDB_MODULES_PATH=/usr/lib64/samba/ldb/ ldbsearch -H /var/lib/samba/bind-dns/dns/sam.ldb 'cn=dns-DC1' dn
     # Referral
     ref: ldap://dogma-to.loc/CN=Configuration,DC=dogma-to,DC=loc

     # Referral
     ref: ldap://dogma-to.loc/DC=DomainDnsZones,DC=dogma-to,DC=loc

     # Referral
     ref: ldap://dogma-to.loc/DC=ForestDnsZones,DC=dogma-to,DC=loc

     # returned 3 records
     # 0 entries
     # 3 referrals

This is not the output the howto says I should see.

It seems the account dns-DC1 does not exist

     [root@server-addc ~]# samba-tool user list
     Administrator
     Guest
     krbtgt
     dns-server-addc
     ospite

Then I run

     [root@server-addc ~]# samba_upgradedns --verbose --dns-backend=BIND9_DLZ
     Reading domain information
     DNS accounts already exist
     No zone file /var/lib/samba/bind-dns/dns/DOGMA-TO.LOC.zone
     DNS records will be automatically created
     DNS partitions already exist
     dns-server-addc account already exists
     Could not remove /var/lib/samba/private/named.conf: No such file or directory
     Could not remove /var/lib/samba/private/named.conf.update: No such file or directory
     Could not remove /var/lib/samba/private/named.txt: No such file or directory
     Could not delete dir /var/lib/samba/private/dns: No such file or directory
     See /var/lib/samba/bind-dns/named.conf for an example configuration include file for BIND
     and /var/lib/samba/bind-dns/named.txt for further documentation required for secure DNS updates
     Finished upgrading DNS

But I cannot see the "Adding dns-DC1 account" message as the howto says

Follow what it says in the blue box under the ldbsearch output on the
wiki page.

Rowland

On a side note, your server has the name server-addc, so your DNS account name is dns-server-addc, which exists on your server.
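The account-name point from the reply above, as an added example that is not part of the original thread or of Samba's own tooling: it derives the expected account name from the DC's host name and reads the "# N entries" summary of ldbsearch output, so referrals are not mistaken for a match. It assumes the account is always named dns-<short host name>; the function names and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: check for the BIND DLZ account of a DC in ldbsearch output.
# Assumption (from the reply above): the account is named dns-<short host name>.

SAM_LDB=/var/lib/samba/bind-dns/dns/sam.ldb   # path used in the thread

# Build the expected account name from a host name (FQDN or short name).
dns_account_cn() {
    printf 'dns-%s\n' "${1%%.*}"
}

# Print the ldbsearch command to run for a host name (it is not executed here).
ldbsearch_cmd() {
    printf "LDB_MODULES_PATH=/usr/lib64/samba/ldb/ ldbsearch -H %s 'cn=%s' dn\n" \
        "$SAM_LDB" "$(dns_account_cn "$1")"
}

# Read ldbsearch output on stdin and print the number of real entries from
# the "# N entries" summary line, or -1 if that line is missing.
ldb_entry_count() {
    awk '$1 == "#" && $3 == "entries" { n = $2; found = 1 }
         END { if (found) print n; else print -1 }'
}

# Succeed only if stdin (ldbsearch output) reports at least one entry.
account_found() {
    [ "$(ldb_entry_count)" -gt 0 ]
}

# Constructed sample: summary as in the thread's search for cn=dns-DC1.
SAMPLE_MISS='# Referral
ref: ldap://dogma-to.loc/DC=DomainDnsZones,DC=dogma-to,DC=loc

# returned 3 records
# 0 entries
# 3 referrals'

# Constructed sample: what a hit would look like (the DN is illustrative).
SAMPLE_HIT='# record 1
dn: CN=dns-server-addc,CN=Users,DC=dogma-to,DC=loc

# returned 1 records
# 1 entries
# 0 referrals'

ldbsearch_cmd server-addc.dogma-to.loc
printf '%s\n' "$SAMPLE_MISS" | account_found || echo "dns-DC1: no entry, referrals only"
printf '%s\n' "$SAMPLE_HIT" | account_found && echo "dns-server-addc: entry found"
```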


