[Samba] samba4 as DC problems

MGY mazambik at mail.ru
Thu Jan 31 01:16:57 MST 2013


Hi! Please help to resolve some issues. I'm running Samba DC version 4.1.0pre1-GIT-229d934 on Debian 6 (and I'm not familiar with Linux at all).

Almost all primary services are working well: users can authenticate against the DC, workstations apply policy, and file services run perfectly, but I can't set up DNS dynamic updates.

I'm running Bind 9.9.2

Code:
named -V
BIND 9.9.2 built with '--prefix=/usr' '--sysconfdir=/etc' '--localstatedir=/var' '--mandir=/usr/share/man' '--enable-threads' '--with-libtool'
using OpenSSL version: OpenSSL 0.9.8o 01 Jun 2010 using libxml2 version: 2.7.8.

My named.conf is as follows:

Code:
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

key "rndc-key" {
        algorithm hmac-md5;
        secret "gxFSRw6DE1rJZziIPZP71Q==";
 };

 controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
 };


include "/etc/bind/named.conf.options";
#include "/etc/bind/named.conf.default-zones";
include "/usr/local/samba/private/named.conf";
#include "/usr/local/samba/private/dns_update_list";
logging {
        };

Code:
options {
        directory "/var/cache/bind";
        tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
#      tkey-gssapi-credential "DNS/EM.ORG";
        tkey-domain "EM.ORG";


        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

         forwarders {
                172.29.78.11;
                172.29.78.4;
         };

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};

When I uncomment   #tkey-gssapi-credential "DNS/EM.ORG";
Bind9 fails to start and logs the following:

Code:
Jan 31 11:12:05 EM-DC named[3396]: configuring TKEY: failure
Jan 31 11:12:05 EM-DC named[3396]: loading configuration: failure
Jan 31 11:12:05 EM-DC named[3396]: exiting (due to fatal error)


and 
Code:
Jan 31 09:25:27 EM-DC named[1481]: samba_dlz: starting transaction on zone em.org    
Jan 31 09:25:27 EM-DC named[1481]: client 192.168.7.22#64036: update 'em.org/IN' denied
Jan 31 09:25:27 EM-DC named[1481]: samba_dlz: cancelling transaction on zone em.org
Jan 31 09:25:48 EM-DC named[1481]: samba_dlz: starting transaction on zone em.org
Jan 31 09:25:48 EM-DC named[1481]: client 192.168.7.20#61429: update 'em.org/IN' denied
Jan 31 09:25:48 EM-DC named[1481]: samba_dlz: cancelling transaction on zone em.org   
Jan 31 09:25:48 EM-DC named[1481]: client 192.168.7.20#55001: request has invalid signature: TSIG 1136-ms-7.1-52ef.9f4ed036-6b6f-11e2-31a7-8c89a5ffcfe7: t$
Jan 31 09:26:53 EM-DC named[1481]: samba_dlz: starting transaction on zone em.org
Jan 31 09:26:53 EM-DC named[1481]: client 192.168.7.13#60999: update 'em.org/IN' denied
Jan 31 09:26:53 EM-DC named[1481]: samba_dlz: cancelling transaction on zone em.org

The second question is about a message that randomly appears in the log:

Code:
Jan 31 09:29:34 EM-DC smbd[2029]: [2013/01/31 09:29:34.640810,  0] ../source4/lib/messaging/messaging.c:633(imessaging_init)
Jan 31 09:29:34 EM-DC smbd[2029]:   Unable to setup messaging listener for '/usr/local/samba/private/smbd.tmp/msg/msg.2029.2':NT_STATUS_ACCESS_DENIED
Jan 31 09:29:34 EM-DC smbd[2029]: [2013/01/31 09:29:34.641125,  0] ../source3/rpc_server/dcesrv_auth_generic.c:40(auth_generic_server_authtype_start)
Jan 31 09:29:34 EM-DC smbd[2029]:   ../source3/rpc_server/dcesrv_auth_generic.c:40: auth_generic_prepare failed: NT_STATUS_INVALID_SERVER_STATE
Jan 31 09:29:34 EM-DC smbd[2029]: [2013/01/31 09:29:34.641266,  0] ../source3/rpc_server/srv_pipe.c:555(pipe_auth_generic_bind)
Jan 31 09:29:34 EM-DC smbd[2029]:   ../source3/rpc_server/srv_pipe.c:555: auth_generic_server_authtype_start failed: NT_STATUS_INVALID_SERVER_STATE

Please help! How can I fix this?


