Hello, thanks to all that helped me. Problem solved.
The main reason was this, posted by phil:

1. Ensure there is a principal in your kerberos realm "DNS/hostname.domain.com", matching the hostname of your DNS server

This is why I always got a wrong principal name.

Have a nice weekend,
cheers,
Juergen

2010/12/9 Sergiu Bivol <sbi...@bluecatnetworks.com>

> > I do this now the 3rd week. I was reading a lot of books and manuals, doing
> > a lot of configuration and sniffing etc. I looked in google for hours but
> > I could not find anyone that says - yes it works.
>
> It does work, but setting it up is very-very painful. Even if you do get it
> working, and document every step, the slightest mistake is at least an hour or
> two spent in troubleshooting. When configured properly it works, with a few
> limitations (in 9.7.2 at least).
>
> > Do you mean the policy in the active directory?
>
> No, I meant the update-policy option in BIND. It allows you to grant/deny
> ddns update permission to kerberos principals.
>
> > Btw. did you try to do it your own and succeeded?
>
> Yes, we succeeded and got GSS-TSIG in BIND working with Windows clients,
> Windows DHCP, and implemented our own GSS-TSIG client.
>
> Regards
> Sergiu
>
> _______________________________________________
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users