Problem with tkey*

Anton Löthman takayama123 at hotmail.com
Mon Feb 22 02:07:42 MST 2010 

My /etc/sysconfig/named look like this
ROOTDIR=/var/named/chroot
KEYTAB_FILE="/usr/local/samba/private/dns.keytab"
KRB5_KTNAME="/usr/local/samba/private/dns.keytab"
 export KEYTAB_FILE
 export KRB5_KTNAME

the options part in my named.conf look like this
options {
        version "none";
        listen-on    { any; };
#       include "/etc/named.conf.yo";
        tkey-gssapi-credential "DNS/test.local";
        tkey-domain "test.LOCAL";

      allow-recursion { trusted; };
        directory "/var/named";
};

my krb5.conf look like this
[libdefaults]
        default_realm = TEST.LOCAL
        dns_lookup_realm = false
        dns_lookup_kdc = true
        ticket_lifetime = 24h
        forwardable = yes

[realms]
       TEST.LOCAL = {
                kdc = yamazaki.test.local:88
                admin_server = yamazaki.test.local:749
                default_domain = test.local
        }

[domain_realm]
        .test.local = test.local
        test.local = TEST.LOCAL


when trying to start the named deamon with ./service named start it fails and in /var/log/message it shows

Feb 22 10:06:08 yamazaki named[28975]: configuring TKEY: failure
Feb 22 10:06:08 yamazaki named[28975]: loading configuration: failure
Feb 22 10:06:08 yamazaki named[28975]: exiting (due to fatal error)



> Subject: RE: Problem with tkey*
> From: abartlet at samba.org
> To: takayama123 at hotmail.com
> CC: idra at samba.org; samba-technical at lists.samba.org
> Date: Mon, 22 Feb 2010 12:31:17 +1100
> 
> On Mon, 2010-02-22 at 00:16 +0100, Anton Löthman wrote:
> > Same error,
> > 
> > failed to acquire accept credentials for DNS/samdom.example.com:
> > GSSAPI error: Major = Unspecified GSS failure.  Minor code may provide
> > more information, Minor = No error.
> 
> Does your default_realm in your krb5.conf match your named.conf tkey
> statements?
> 
> Andrew Bartlett
> 
> -- 
> Andrew Bartlett                                http://samba.org/~abartlet/
> Authentication Developer, Samba Team           http://samba.org
> Samba Developer, Cisco Inc.
 		 	   		  
_________________________________________________________________
Your E-mail and More On-the-Go. Get Windows Live Hotmail Free.
https://signup.live.com/signup.aspx?id=60969

More information about the samba-technical mailing list