I have two servers, servidordominio (Domain Controller, Windows 2003 Server) and servidordns (DNS Server, FreeBSD 8.0). When I install the Bind96 from ports with GSS-TSIG support enabled and try to start the bind server, I got the error:
I have my krb5.conf configured as bellow:
I have the file krb5.keytab generated by the domain server using
in my /etc/ directory.
In my named.conf, I have added the lines:
in the options section.
How I can fix this error ?
Thanks.
Code:
configuring TKEY: failure
loading configuration: failure
exiting (due to fatal error)
I have my krb5.conf configured as bellow:
Code:
[realms]
clockskew = 300
default_realm = DOMINIO.COM.BR
[realms]
DOMINIO.COM.BR = {
kdc = servidordominio.DOMINIO.COM.BR
default_domain = DOMINIO.COM.BR
admin_server = servidordominio.DOMINIO.COM.BR
kpasswd_server = servidordominio.DOMINIO.COM.BR
}
[domain_realm]
.DOMINIO.COM.BR = DOMINIO.COM.BR
I have the file krb5.keytab generated by the domain server using
ktpass -out krb5.keytab -princ [email=DNS/servidordns.domino.com.br@DOMINIO.COM.BR]DNS/servidordns.domino.com.br@DOMINIO.COM.BR[/email] -mapuser [email]servidordns@dominio.com.br[/email] -pass * -ptype KRB5_NT_PRINCIPAL
in my /etc/ directory.
In my named.conf, I have added the lines:
Code:
tkey-gssapi-credential "DNS/servidordns.cragroup.ath.cx";
tkey-domain "DOMINIO.COM.BR";
in the options section.
How I can fix this error ?
Thanks.