[Samba] Samba 4.8.4 + BIND 9.9.4 - possibility of nonsecure DNS updates
Rowland Penny
rpenny at samba.org
Tue Aug 21 15:05:35 UTC 2018
On Tue, 21 Aug 2018 16:50:19 +0200
"L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
>
> ; TSIG error with server: tsig verify failure
>
> Mayabe update/setup your TSIG key.
> https://access.redhat.com/documentation/en-us/openshift_enterprise/2/html/puppet_deployment_guide/generating_a_bind_tsig_key
>
> Im also wondering why RH is using : '--disable-isc-spnego'
>
Good catch Louis, that rang a bell and the answer is because you cannot
run a Samba AD DC on red-hat with distro packages, so they stop updates
(Don't ask why, I don't know)
see here:
https://wiki.samba.org/index.php/Using_BIND_DLZ_backend_with_secured_/_signed_DNS_updates
So in answer to the OP, sorry, but I missed/forgot this and the answer
to your problem is, you will have to rebuild the Bind9 rpm.
Rowland
More information about the samba
mailing list