Dynamic DNS Update Error GSS failure

Hi @ all,

 

I try to update the DNS records from my DHCP Clients to my AD DC but there
ist an issue with the GSSAPI I don't know how to solve.

 

For this I followed this guide.

https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records_with_B
IND9

 

GSSAPI Error:

start_gssrequest

tkey query failed: GSSAPI error: Major = Unspecified GSS failure.  Minor
code may provide more information, Minor = No credentials found with
supported encryption types (filename: /tmp/dhcp-dyndns.cc).

 

Here is my keytab file:

 

ktutil -k /etc/dhcpduser.keytab list

/etc/dhcpduser.keytab:

 

Vno  Type                     Principal                Aliases

  2  aes256-cts-hmac-sha1-96  [hidden email]
<mailto:[hidden email]>

  2  aes128-cts-hmac-sha1-96  [hidden email]
<mailto:[hidden email]>

  2  arcfour-hmac-md5         [hidden email]
<mailto:[hidden email]>

  2  des-cbc-md5              [hidden email]
<mailto:[hidden email]>

  2  des-cbc-crc              [hidden email]
<mailto:[hidden email]>

 

System Information

 

- Raspberry Pi 3 Model B

- Raspian Stretch

- Samba Version 4.7.4

- BIND Version 9.11.2

- BIND9 built by

make '--prefix' '/usr/local/bind9' '--enable-shared'

 

   '--enable-static' '--with-openssl=/usr'

   '--with-gssapi=/usr/include/gssapi' '--with-libtool'

   '--with-dlopen=yes' '--enable-threads' '--enable-largefile'

   '--with-gnu-ld' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing'

   'CFLAGS=-DDIG_SIGCHASE' 'CFLAGS=-O2'

 

bind9 named.conf https://pastebin.com/HW88rwbe

 

samba named.conf https://pastebin.com/zi7Fm27T

 

samba smb.conf https://pastebin.com/i1fmj56T

 

If more information needed, feel free and ask me, I'll do my best to provide
them.

 

Greetings Ronny

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

On Sun, 7 Jan 2018 23:02:20 +0100
Ronny Preiss via samba <[hidden email]> wrote:

Don't you mean ' klist -e -k /etc/dhcpduser.keytab' ?

If so, it should show something like this:

Keytab name: FILE:/etc/dhcpduser.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   1 [hidden email] (aes256-cts-hmac-sha1-96)
   1 [hidden email] (aes128-cts-hmac-sha1-96)
   1 [hidden email] (arcfour-hmac)
   1 [hidden email] (des-cbc-md5)
   1 [hidden email] (des-cbc-crc)

There is no need to build Bind on strech, just use the debian package,
also '--with-dlopen' is now built in, the setting no longer exists.

>
> bind9 named.conf https://pastebin.com/HW88rwbe

Yes, but what is in:

/etc/bind/named.conf.options
/etc/bind/named.conf.local
/etc/bind/named.conf.default-zones

>
>  
>
> samba named.conf https://pastebin.com/zi7Fm27T

nothing wrong there.

>
>  
>
> samba smb.conf https://pastebin.com/i1fmj56T

Nothing wrong there either.

>
>  
>
> If more information needed, feel free and ask me, I'll do my best to
> provide them.

Post what is in /etc/hostname, etc/hosts, /etc/resolv.conf
and /etc/krb5.conf.

Rowland
 


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba