[Samba] Samba 4.8.4 + BIND 9.9.4 - possibility of nonsecure DNS updates

Rowland Penny rpenny at samba.org
Tue Aug 21 15:05:35 UTC 2018

On Tue, 21 Aug 2018 16:50:19 +0200
"L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:

> ; TSIG error with server: tsig verify failure
> Mayabe update/setup your TSIG key. 
> https://access.redhat.com/documentation/en-us/openshift_enterprise/2/html/puppet_deployment_guide/generating_a_bind_tsig_key 
> Im also wondering why RH is using : '--disable-isc-spnego' 

Good catch Louis, that rang a bell and the answer is because you cannot
run a Samba AD DC on red-hat with distro packages, so they stop updates
(Don't ask why, I don't know)

see here:


So in answer to the OP, sorry, but I missed/forgot this and the answer
to your problem is, you will have to rebuild the Bind9 rpm.


More information about the samba mailing list