Problems with Bind-Kerberos-Windows-Linux
Jürgen Dietl
juergen.dietl at googlemail.com
Fri Dec 10 09:16:26 UTC 2010
Hello,
thanx to all that helped me. Problem solved.
The main reason was this posted by phil
1. Ensure there is a prinicpal in your kerberos realm "DNS/
hostname.domain.com", matching the hostname of your DNS server
This is why I always got a wrong principal name.
Have a nice weekend,
cheers,
Juergen
2010/12/9 Sergiu Bivol <sbivol at bluecatnetworks.com>
> > I do this now the 3rd week. I was reading a lot of books and manuals,
> doing
> > a lot of configuration and sniffering etc. I looked in google for hours
> but
> > I could not find anyone that says - yes it works.
>
> It does work, but setting it up is very-very painful. Even if you do get it
> working, and document every step, a slightest mistake is at least an hour or
> two spent in troubleshooting. When configured properly it works, with a few
> limitations (in 9.7.2 at least).
>
> >Do you mean the policy in the active directory?
>
> No, I meant the update-policy option in BIND. It allows you to grant/deny
> ddns update permission to kerberos principals.
>
> >Btw. did you try to do it your own and succeeded?
>
> Yes, we succeeded and got GSS-TSIG in BIND working with Windows clients,
> Windows DHCP, and implemented our own GSS-TSIG client.
>
> Regards
> Sergiu
>
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20101210/fe5b429c/attachment.html>
More information about the bind-users
mailing list