[Samba] Bind 9.12.x support status
Taner Tas
taner76 at gmail.com
Thu Sep 6 08:27:12 UTC 2018
On Thu, 06 Sep 2018 09:29:15 +1200
Andrew Bartlett <abartlet at samba.org> wrote:
> On Thu, 2018-09-06 at 00:01 +0300, Taner Tas via samba wrote:
> > Hi,
> >
> > I recently noticed that when doing "samba_dns --all-names --verbose"
> > against Bind-9.12, I can't update dns records. I'm getting these
> > error messages for each record to update:
> >
>
> I think this is the key (pardon the pun):
>
> > daemon.err [6942]: samba_dlz: spnego update failed
>
> Are you running a build with MIT Kerberos?
>
> There is a replay cache implemented in that codebase that we need to
> disable/work around in Samba, because we do a deliberate replay (we
> parse/decrypt it a second time to get the PAC) of the Kerberos ticket
> here.
>
> Andrew Bartlett
You're spot on about MIT Kerberos. I mistakenly compiled Bind-9.12
against MIT Kerberos. It took me hours to find the cause the problem.
I re-compiled with Heimdal and I confirm that "samba_dns --all-names
--verbose" command runs just fine with Bind-9.12. So, we can assume
that there no issues with the bind-9.12.patch here:
https://github.com/alpinelinux/aports/tree/master/main/samba
I created a PR for Alpine Linux to solve my fault at first place:
https://github.com/alpinelinux/aports/pull/5112
---
Taner Tas
More information about the samba
mailing list