[Samba] Bind 9.12.x support status
taner76 at gmail.com
Thu Sep 6 08:27:12 UTC 2018
On Thu, 06 Sep 2018 09:29:15 +1200
Andrew Bartlett <abartlet at samba.org> wrote:
> On Thu, 2018-09-06 at 00:01 +0300, Taner Tas via samba wrote:
> > Hi,
> > I recently noticed that when doing "samba_dns --all-names --verbose"
> > against Bind-9.12, I can't update dns records. I'm getting these
> > error messages for each record to update:
> I think this is the key (pardon the pun):
> > daemon.err : samba_dlz: spnego update failed
> Are you running a build with MIT Kerberos?
> There is a replay cache implemented in that codebase that we need to
> disable/work around in Samba, because we do a deliberate replay (we
> parse/decrypt it a second time to get the PAC) of the Kerberos ticket
> Andrew Bartlett
You're spot on about MIT Kerberos. I mistakenly compiled Bind-9.12
against MIT Kerberos. It took me hours to find the cause the problem.
I re-compiled with Heimdal and I confirm that "samba_dns --all-names
--verbose" command runs just fine with Bind-9.12. So, we can assume
that there no issues with the bind-9.12.patch here:
I created a PR for Alpine Linux to solve my fault at first place:
More information about the samba