Problems (possibly bug) with dlz for bind 9.9 in 4.0.0beta3-GIT-763f9e8

Trever L. Adams trever.adams at
Mon Jul 2 04:41:22 MDT 2012

On 07/02/2012 12:45 AM, Andrew Bartlett wrote:
> On Mon, 2012-07-02 at 00:41 -0600, Trever L. Adams wrote:
>> Are there any debugging/logging steps you can recommend? somepc$ was the
>> client so did it get a ticket properly or did it fail?
> To get that message, it seems to have got the ticket, and we decoded it.
>> Will a -d10 log.samba show anything? I should have one captured (I am
>> willing to send it to you off list if it would).
> Unlikely (because the ticket was correctly produced). 
> Andrew Bartlett

Thank you for your help. I have not yet solved the problem, but I
thought I would make a note of some questions I have.

1) Are any of the steps in named.txt for 9.7.x to be followed for
9.8.x/9.9.x? (namely tkey-gssapi-credential or tkey-domain)

2) I think the named.txt needs to be corrected. As written, it seems to
suggest that the line
tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
is intended for 9.8.x ONLY. However, it is necessary for 9.9.x DLZ (at
least as my post beta1 provision shows on testing removal).

3) For 9.9.x DLZ is named.conf.update needed anywhere?

Thank you,

P.S. I have done rpm -V on all the krb5 and bind rpms installed on my
up-to-date Fedora 17 system which is where this S4 provision is. They
all validate perfectly. My /etc/krb5.conf is identical to

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the samba-technical mailing list