[Samba] Issue with Bind
felix at epepm.cupet.cu
felix at epepm.cupet.cu
Thu May 12 10:09:20 MDT 2011
Thanks a lot for your hint.
I finally made it in Debian Lenny (with Samba4 alpha15 and Bind9.8.0)
installing libkrb5-dev.
My named.conf just has an include "/usr/local/samba/private/named.conf";
and there I also included the options, related to tkey, suggested in the
HowTo.
I would like to notice that I followed the recommendation from Bind source
and I used the option tkey-gssapi-keytab instead of tkey-gssapi-credential
and tkey-domain which I finally commented.
Finally, I would like to know if I'll need a KDC, and if so, which one,
MIT or Heimdal???
Best regards,
Felix.
> It looks like kerberos support installs the proper files, Check for the
> packages listed below. This is Ubuntu Lucid, not sure how the names have
> changed for your distribution.
>
> root at FILESRV1:/usr/include/mit-krb5# dpkg -S gssapi.h
> libkrb5-dev: /usr/include/gssrpc/auth_gssapi.h
> krb5-multidev: /usr/include/mit-krb5/gssapi/gssapi.h
> libkrb5-dev: /usr/include/gssapi.h
> libkrb5-dev: /usr/include/gssapi/gssapi.h
> krb5-multidev: /usr/include/mit-krb5/gssapi.h
> krb5-multidev: /usr/include/mit-krb5/gssrpc/auth_gssapi.h
>
>
> On 05/11/2011 02:12 PM, felix at epepm.cupet.cu wrote:
>> I'm trying to compile using --with-gssapi but I found gssapi.h in
>> /usr/loca/include/dst/ and I used this path but the answer is gssapi.h
>> not found???
>> I'm using Debian Lenny.
>> I think this gssapi.h I have becomes from the previous installation of
>> bind9 because I found that file in Bind9 source directory.
>> My question is how can I install gssapi???
>>
>> Best regards,
>> Felix.
>>
>>
>>> did you compile bind with gssapi? my compile options with ubuntu are
>>> this..Verify your pointing to the proper path when compiling for
>>> gssapi.
>>>
>>> ./configure --prefix=/usr/local/bind9 --with-gssapi=/usr/include/gssapi
>>>
>>> verify that you have the proper environments in bind,,, I have this in
>>> the init script..
>>>
>>> KEYTAB_FILE="/usr/local/samba1/private/dns.keytab"
>>> KRB5_KTNAME="/usr/local/samba1/private/dns.keytab"
>>> export KEYTAB_FILE
>>> export KRB5_KTNAME
>>>
>>> and verify that the options are in named.conf properly.. CASE matters..
>>> tkey-gssapi-credential "DNS/example.com";
>>> tkey-domain "EXAMPLE.COM";
>>>
>>> Verify all this and modify for your environment...
>>>
>>> On 05/11/2011 12:15 PM, felix at epepm.cupet.cu wrote:
>>>> I followed the Howto http://wiki.samba.org/index.php/Samba4/HOWTO
>>>>
>>>> Using:
>>>> -Samba4 alpha15
>>>> -Bind9.8.0
>>>>
>>>> When I added an XP PC (192.168.123.244) to my domain I got this in
>>>> syslog:
>>>>
>>>> May 11 12:04:18 samba4 named[10705]: client 192.168.123.244#1061:
>>>> update
>>>> 'mydomain.com/IN' denied
>>>> May 11 12:04:18 samba4 named[10705]: tkey.c:486: ENSURE(result ==
>>>> (((1)<<
>>>> 16) + 28) || result == 0) failed, back trace
>>>> May 11 12:04:18 samba4 named[10705]: #0 0x805ac45 in
>>>> assertion_failed()+0x45
>>>> May 11 12:04:18 samba4 named[10705]: #1 0x81c62f7 in
>>>> isc_assertion_failed()+0x27
>>>> May 11 12:04:18 samba4 named[10705]: #2 0x81659ba in
>>>> dns_tkey_processquery()+0x98a
>>>> May 11 12:04:18 samba4 named[10705]: #3 0x80696ff in
>>>> ns_query_start()+0x40f
>>>> May 11 12:04:18 samba4 named[10705]: #4 0x8051d44 in
>>>> client_request()+0xdc4
>>>> May 11 12:04:18 samba4 named[10705]: #5 0x81e270d in
>>>> isc__taskmgr_dispatch()+0x17d
>>>> May 11 12:04:18 samba4 named[10705]: #6 0x81e5e34 in evloop()+0x74
>>>> May 11 12:04:18 samba4 named[10705]: #7 0x81e60af in
>>>> isc__app_ctxrun()+0x12f
>>>> May 11 12:04:18 samba4 named[10705]: #8 0x81e6182 in
>>>> isc__app_run()+0x12
>>>> May 11 12:04:18 samba4 named[10705]: #9 0x805bd56 in main()+0xc96
>>>> May 11 12:04:18 samba4 named[10705]: #10 0xb7d04455 in
>>>> _fini()+0xafb0d6b9
>>>> May 11 12:04:18 samba4 named[10705]: #11 0x804bb61 in _start()+0x21
>>>> May 11 12:04:18 samba4 named[10705]: exiting (due to assertion
>>>> failure)
>>>>
>>>>
>>>> Any ideas??
>>>>
>>>> Best regards,
>>>> Felix.
>>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions: https://lists.samba.org/mailman/options/samba
>>>
>>
>
>
More information about the samba
mailing list