Problems with Bind-Kerberos-Windows-Linux

Sergiu Bivol sbivol at
Wed Dec 8 23:23:26 UTC 2010

> I do this now the 3rd week. I was reading a lot of books and manuals, doing
> a lot of configuration and sniffering etc. I looked in google for hours but
> I could not find anyone that says - yes it works.

It does work, but setting it up is very-very painful. Even if you do get it working, and document every step, a slightest mistake is at least an hour or two spent in troubleshooting. When configured properly it works, with a few limitations (in 9.7.2 at least).

>Do you mean the policy in the active directory? 

No, I meant the update-policy option in BIND. It allows you to grant/deny ddns update permission to kerberos principals.

>Btw. did you try to do it your own and succeeded?

Yes, we succeeded and got GSS-TSIG in BIND working with Windows clients, Windows DHCP, and implemented our own GSS-TSIG client.


More information about the bind-users mailing list