Debugging "configuring TKEY: failure" (w/samba4)

Adam Tauno Williams awilliam at whitemice.org
Wed Nov 10 13:48:42 UTC 2010


I'm attempting to get Bind 9.7.2 (built on openSUSE 11.3) running in
relation to Samba4; this uses GSSAPI authentication to update the Bind
zones.  Everything works except this part.  I've build bind with
--with-gssapi, verified krb5 is linked in, and verified [at least with
kinit and other trivial krb5 tools] that Kerberos/GSSAPI is working.
But when I add:

options {

tkey-gssapi-credential "DNS/ad.mormail.com";
tkey-domain "AD.MORMAIL.COM";
...
}

- to my bind configuration bind fails to start with -

Nov 10 08:43:32 opensuse named[3021]: automatic empty zone: D.F.IP6.ARPA
Nov 10 08:43:32 opensuse named[3021]: automatic empty zone:
8.E.F.IP6.ARPA
Nov 10 08:43:32 opensuse named[3021]: automatic empty zone:
9.E.F.IP6.ARPA
Nov 10 08:43:32 opensuse named[3021]: automatic empty zone:
A.E.F.IP6.ARPA
Nov 10 08:43:32 opensuse named[3021]: automatic empty zone:
B.E.F.IP6.ARPA
Nov 10 08:43:32 opensuse named[3021]: automatic empty zone:
8.B.D.0.1.0.0.2.IP6.ARPA
Nov 10 08:43:32 opensuse named[3021]: configuring TKEY: failure
Nov 10 08:43:32 opensuse named[3021]: loading configuration: failure
Nov 10 08:43:32 opensuse named[3021]: exiting (due to fatal error)

I've tried playing with log levels, etc... and I just can seem to dig
any more information out of it.  Are there any procedures / tips for
debugging a "configuring TKEY: failure" message?
-- 
Adam Tauno Williams <awilliam at whitemice.org>




More information about the bind-users mailing list