Problems with Bind-Kerberos-Windows-Linux
sbivol at bluecatnetworks.com
Wed Dec 8 23:23:26 UTC 2010
> I do this now the 3rd week. I was reading a lot of books and manuals, doing
> a lot of configuration and sniffering etc. I looked in google for hours but
> I could not find anyone that says - yes it works.
It does work, but setting it up is very-very painful. Even if you do get it working, and document every step, a slightest mistake is at least an hour or two spent in troubleshooting. When configured properly it works, with a few limitations (in 9.7.2 at least).
>Do you mean the policy in the active directory?
No, I meant the update-policy option in BIND. It allows you to grant/deny ddns update permission to kerberos principals.
>Btw. did you try to do it your own and succeeded?
Yes, we succeeded and got GSS-TSIG in BIND working with Windows clients, Windows DHCP, and implemented our own GSS-TSIG client.
More information about the bind-users