Web lists-archives.com

Re: [Samba] dns_tkey_gssnegotiate: TKEY is unacceptable




On Mon, 7 Jan 2019 23:02:17 +0000 (UTC)
Billy Bob <billysbobs@xxxxxxxxx> wrote:

> Okay, because you are not wrong ...
> One more time before I move forward with this.
> The smb.conf is now:
> 
> # Global parameters
> [global]
>         bind interfaces only = Yes
>         interfaces = lo eno1
>         netbios name = DC01
>         realm = CORP.<DOMAIN>.COM
>         server role = active directory domain controller
>         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> drepl, winbindd, ntp_signd, kcc, dnsupdate workgroup = CORP
>         idmap_ldb:use rfc2307 = yes
>         dns update command = /usr/local/samba/sbin/samba_dnsupdate
> --use-samba-tool[netlogon] path
> = /usr/local/samba/var/locks/sysvol/corp.<DOMAIN>.com/scripts read
> only = No[sysvol] path = /usr/local/samba/var/locks/sysvol
>         read only = No
> 
> 
> Running:
> 
> # samba_dnsupdate --use-samba-tool --verbose --all-names
> 
> returns:
> 
> IPs: ['172.20.10.130']
> force update: A dc01.corp.<DOMAIN>.com 172.20.10.130
>  * * * * *
> force update: SRV
> _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.corp.<DOMAIN>.com
> dc01.corp.<DOMAIN>.com 389 29 DNS updates and 0 DNS deletes needed
> Successfully obtained Kerberos ticket to DNS/dc01.corp.<DOMAIN>.com
> as DC01$ update (samba-tool): A dc01.corp.<DOMAIN>.com 172.20.10.130
> Calling samba-tool dns for A dc01.corp.<DOMAIN>.com 172.20.10.130
> (add) Calling samba-tool dns add -k no -P ['172.20.10.130',
> 'corp.<DOMAIN>.com', 'dc01', 'A', '172.20.10.130'] ERROR(runtime):
> uncaught exception - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
> File
> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
> line 177, in _run return self.run(*args, **kwargs) File
> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/dns.py",
> line 945, in run raise e Failed 'samba-tool dns' based update of A
> dc01.corp.<DOMAIN>.com 172.20.10.130
>  * * * * *
> Failed update of 29 entries
> 
> ... and we are all good with that?

Yes, because it isn't really failing, the record already exists, so it
cannot and does not need to create it, but it is being treated as a
failure.

Rowland



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba