Problem: Failed to create DNS spn account

Problem:

Joinscript 98univention-samba4-dns.inst fails with the error "Failed to create DNS spn account":

Configure 98univention-samba4-dns.inst Fri Mar 29 11:43:11 CET 2019
2019-03-29 11:43:11.978719360+01:00 (in joinscript_init)
Setting dns/backend
File: /etc/systemd/system/bind9.service.d/10-configure-backend.conf
Restarting bind9 (via systemctl): bind9.service.
Wait for bind9:  done
Waiting for RID Pool replication: done.
Object created: uid=dns-slave,cn=users,dc=tech,dc=schein,dc=ig
looking for spn account "dns-SLAVE" in local samba
[...]
ERROR: dns-SLAVE account not found in local samba
**************************************************************
* ERROR: Failed to create DNS spn account.                   *
*        Please check the samba and the s4-connector logfile.*
**************************************************************

Solution:

This might be a temporary problem. In this case the server name had been used before and was removed completely, but the script fails anyway.

You can try to add the ServicePrincipalName manually on the master.
Use the account name from YOUR join.log (the line "ERROR: dns-<server-name> account not found in local samba") and replace dns-SLAVE in the following command with that name:

/usr/share/univention-samba4/scripts/create_spn_account.sh --samaccountname "dns-SLAVE" --serviceprincipalname "DNS/SLAVE.tech.schein.ig" --privatekeytab dns.keytab
Object modified: uid=dns-SLAVE,cn=users,dc=tech,dc=schein,dc=ig
looking for spn account "dns-SLAVE" in local samba
Modified 1 records successfully
Added 1 records successfully
Expiry for user 'dns-SLAVE' disabled.
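
To avoid typing the account name and SPN by hand, the command can be derived from the join.log lines shown above. This is an added example, not Univention's own code; the function names are hypothetical, the sample log is constructed from the excerpt on this page, and it assumes the DNS domain matches the dc= components of the LDAP base, as it does here.

```shell
#!/bin/sh
# Added example (not Univention code): build the create_spn_account.sh call from join.log.

# Constructed sample: the relevant join.log lines as shown on this page.
write_sample_log() {
    cat > "$1" <<'EOF'
Object created: uid=dns-slave,cn=users,dc=tech,dc=schein,dc=ig
looking for spn account "dns-SLAVE" in local samba
ERROR: dns-SLAVE account not found in local samba
EOF
}

# Account name taken from the last "account not found" error line.
spn_account_from_log() {
    sed -n 's/^ERROR: \(dns-[^ ]*\) account not found in local samba$/\1/p' "$1" | tail -n 1
}

# DNS domain from the dc= components of the "Object created" DN.
# Assumption: the DNS domain equals the LDAP base (true for the log on this page).
domain_from_log() {
    sed -n 's/^Object created: uid=dns-[^,]*,cn=users,\(dc=.*\)$/\1/p' "$1" |
        tail -n 1 | sed 's/dc=//g; s/,/./g'
}

# Print the command for review; it is not executed here.
build_spn_command() {
    account=$(spn_account_from_log "$1")
    domain=$(domain_from_log "$1")
    # Refuse to build a command from anything that is not a plain host or domain name.
    case "$account" in
        ''|*[!A-Za-z0-9-]*) echo "no usable account name in $1" >&2; return 1 ;;
    esac
    case "$domain" in
        ''|*[!A-Za-z0-9.-]*) echo "no usable domain in $1" >&2; return 1 ;;
    esac
    host=${account#dns-}
    printf '%s --samaccountname "%s" --serviceprincipalname "DNS/%s.%s" --privatekeytab dns.keytab\n' \
        /usr/share/univention-samba4/scripts/create_spn_account.sh "$account" "$host" "$domain"
}

# With no argument, run against the constructed sample; otherwise pass your join.log path.
log=${1:-}
if [ -z "$log" ]; then
    log=$(mktemp) && write_sample_log "$log" && trap 'rm -f "$log"' EXIT
fi
build_spn_command "$log"
```

Compare the printed command with the error line in your own join.log before running it on the master.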
