Problems (possibly bug) with dlz for bind 9.9 in 4.0.0beta3-GIT-763f9e8

Andrew Bartlett abartlet at samba.org
Sun Jul 1 17:12:44 MDT 2012


On Mon, 2012-06-25 at 00:32 -0600, Trever L. Adams wrote:
> Hello Everyone,
> 
> This is a clean domain, provisioned post beta1 (I think beta2). I have not been able to get Windows PCs to do DNS updates. A bit about my network. Every machine has at least one private IPv4 address, one private IPv6 address (fdXX below), and one publicly routable IPv6 address. When I first mentioned this problem in another bug there was a screw-up in my delegation of reverse zones and a few other leftovers from some other setups. These are completely cleared out. There are no strange forwards or messed up delegations now and everything is showing up as coming from the client machine (such as the one below, a full log would show this repeated exactly with a 2001 address as it seems to be trying to update from both).
> 
> The only log that seems to have anything to do with this is from named.run (on a Fedora 17 box). This is with -d 9 or -d 10 on the command line starting Samba 4. If there is something I can do to get DLZ debug info out of Samba or more info out of bind, I am willing to try.

> failed gss_inquire_cred: GSSAPI error: Major = Unspecified GSS failure. 
> Minor code may provide more information, Minor = Success.
> gss-api source name (accept) is somepc$@EXAMPLE.ORG

This is very interesting.  The fact that we get as far as
gss_inquire_cred() means that bind was able to access the keytab and it
had the correct key.  Something else is failing in the krb5 libs or
BIND. 

Sadly I don't have any particular clues as to what is wrong, or how to
fix it. 

Sorry,

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org


