Hi @ all,
I try to update the DNS records from my DHCP Clients to my AD DC but there ist an issue with the GSSAPI I don't know how to solve. For this I followed this guide. https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records_with_B IND9 GSSAPI Error: start_gssrequest tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = No credentials found with supported encryption types (filename: /tmp/dhcp-dyndns.cc). Here is my keytab file: ktutil -k /etc/dhcpduser.keytab list /etc/dhcpduser.keytab: Vno Type Principal Aliases 2 aes256-cts-hmac-sha1-96 [hidden email] <mailto:[hidden email]> 2 aes128-cts-hmac-sha1-96 [hidden email] <mailto:[hidden email]> 2 arcfour-hmac-md5 [hidden email] <mailto:[hidden email]> 2 des-cbc-md5 [hidden email] <mailto:[hidden email]> 2 des-cbc-crc [hidden email] <mailto:[hidden email]> System Information - Raspberry Pi 3 Model B - Raspian Stretch - Samba Version 4.7.4 - BIND Version 9.11.2 - BIND9 built by make '--prefix' '/usr/local/bind9' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr/include/gssapi' '--with-libtool' '--with-dlopen=yes' '--enable-threads' '--enable-largefile' '--with-gnu-ld' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing' 'CFLAGS=-DDIG_SIGCHASE' 'CFLAGS=-O2' bind9 named.conf https://pastebin.com/HW88rwbe samba named.conf https://pastebin.com/zi7Fm27T samba smb.conf https://pastebin.com/i1fmj56T If more information needed, feel free and ask me, I'll do my best to provide them. Greetings Ronny -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba |
On Sun, 7 Jan 2018 23:02:20 +0100
Ronny Preiss via samba <[hidden email]> wrote: > Hi @ all, > > > > I try to update the DNS records from my DHCP Clients to my AD DC but > there ist an issue with the GSSAPI I don't know how to solve. > > > > For this I followed this guide. > > https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records_with_B > IND9 > > > > GSSAPI Error: > > start_gssrequest > > tkey query failed: GSSAPI error: Major = Unspecified GSS failure. > Minor code may provide more information, Minor = No credentials found > with supported encryption types (filename: /tmp/dhcp-dyndns.cc). > > > > Here is my keytab file: > > > > ktutil -k /etc/dhcpduser.keytab list > > /etc/dhcpduser.keytab: > > > > Vno Type Principal Aliases > > 2 aes256-cts-hmac-sha1-96 [hidden email] > <mailto:[hidden email]> > > 2 aes128-cts-hmac-sha1-96 [hidden email] > <mailto:[hidden email]> > > 2 arcfour-hmac-md5 [hidden email] > <mailto:[hidden email]> > > 2 des-cbc-md5 [hidden email] > <mailto:[hidden email]> > > 2 des-cbc-crc [hidden email] > <mailto:[hidden email]> > > Don't you mean ' klist -e -k /etc/dhcpduser.keytab' ? If so, it should show something like this: Keytab name: FILE:/etc/dhcpduser.keytab KVNO Principal ---- -------------------------------------------------------------------------- 1 [hidden email] (aes256-cts-hmac-sha1-96) 1 [hidden email] (aes128-cts-hmac-sha1-96) 1 [hidden email] (arcfour-hmac) 1 [hidden email] (des-cbc-md5) 1 [hidden email] (des-cbc-crc) > > System Information > > > > - Raspberry Pi 3 Model B > > - Raspian Stretch > > - Samba Version 4.7.4 > > - BIND Version 9.11.2 > > - BIND9 built by > > make '--prefix' '/usr/local/bind9' '--enable-shared' > > > > '--enable-static' '--with-openssl=/usr' > > '--with-gssapi=/usr/include/gssapi' '--with-libtool' > > '--with-dlopen=yes' '--enable-threads' '--enable-largefile' > > '--with-gnu-ld' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing' > > 'CFLAGS=-DDIG_SIGCHASE' 'CFLAGS=-O2' > > There is no need to build Bind on strech, just use the debian package, also '--with-dlopen' is now built in, the setting no longer exists. > > bind9 named.conf https://pastebin.com/HW88rwbe Yes, but what is in: /etc/bind/named.conf.options /etc/bind/named.conf.local /etc/bind/named.conf.default-zones > > > > samba named.conf https://pastebin.com/zi7Fm27T nothing wrong there. > > > > samba smb.conf https://pastebin.com/i1fmj56T Nothing wrong there either. > > > > If more information needed, feel free and ask me, I'll do my best to > provide them. Post what is in /etc/hostname, etc/hosts, /etc/resolv.conf and /etc/krb5.conf. Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba |
Free forum by Nabble | Edit this page |