Univention Bugzilla – Bug 45789
Error updating dns-service account password in secrets.ldb: No saltPrincipal provided
Last modified: 2020-07-03 20:56:15 CEST
Ticket#2017112821000241 showed a case, where kinit failed for the dns-service account. univention-system-check complained about it but I have not seen any negative influence on DDNS updates by windows clients in that case. To fix it, I've used samba-tool user setpassword to set a new password and then I updated the corresponding "secret: " attribute for that service account in secrets.ldb (and incremented msds-KeyversionNumber). This aborted with an error message: Failed to commit transaction: Failed to update keytab from entry samAccountName=dns-master10,CN=Principals in /var/lib/samba/private/secrets.ldb: No saltPrincipal provided I fixed this by also adding an attribute saltPrincipal: dns-master10@MYDOM.UCS I guess this might be missing on UCS servers that have been updated from earlier UCS/Samba versions. In that case, the problem was only on one of four DCs. Maybe it's also just a master issue.
Same here: Ticket #2018020521000307
This issue has been filed against UCS 4.2. UCS 4.2 is out of maintenance and many UCS components have changed in later releases. Thus, this issue is now being closed. If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen it and update the UCS version. In this case please provide detailed information on how this issue is affecting you.