Hi,

I am trying to run samba with bind_dlz (bind-9.9.1 - P1) on a multi-homed network. I have configured the setup as per Samba4 Howto. But when I try to do "samba_dnsupdate --all-names" it fails with error:

dns_tkey_negotiategss: TKEY is unacceptable

The kerberos ticket being used by samba_dnsupdate shows the following principals:

klist -c /tmp/tmp6cxfgY
Ticket cache: FILE:/tmp/tmp6cxfgY
Default principal: [email protected]
Service principal
krbtgt/BOM.MH.IN DNS/[email protected]

Whereas the dns.keytab shows the following principals (repeated for multiple encryption algorithms):

klist -k private/dns.keytab:
DNS/[email protected] [email protected]

Wireshark shows that samba_dnsupdate requests TGS-REQ for DNS/ [email protected]

I retried this thing with samba's internal DNS and there samba_dnsupdate requests for DNS/[email protected]. In case of internal server the ticket cache shows up like:

Service principal
krbtgt/BOM.MH.IN DNS/[email protected]

As the principal being used by samba_dnsupdate in case of Bind doesn't contain domain name at its end, can this be the reason for Tkey failure? Why is there a difference in the principal names requested by samba_dnsupdate in case of Bind and Internal DNS?

PS: I couldn't go ahead with samba's internal DNS because there I got Tsig verify failure as already posted here: http://permalink.gmane.org/gmane.network.samba.general/127722

Thank you folks for the awesome work!

Regards,
Tushar
