View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0006526CentOS-6bindpublic2013-06-28 23:542014-12-28 02:50
Reportervasek125 
PriorityurgentSeveritymajorReproducibilityalways
Status resolvedResolutionfixed 
Platformi386OSCentOSOS Version6.4
Product Version6.4 
Target VersionFixed in Version6.6 
Summary0006526: GSS api not working with MS Active Directory
DescriptionGSS-TSIG stopped working (it worked in the past) with MS Active Directory so Windows can not register/update DNS records. This bug is very sneaky - no log in the logfile, after debugging enabled: "failed gss_inquire_cred: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Success."
Steps To ReproduceEvery Windows secure DNS update.
Additional InformationThis bug can be fixed by removing "--disable-isc-spnego" from the SPEC file of bind RPM. I rebuilt it without this line and now everything works.
TagsNo tags attached.

Activities

vasek125

vasek125

2013-06-29 12:59

reporter   ~0017605

This could be GSSAPI library bug, not bind bug, because it works with ISC SPNEGO (compiling without "--disable-isc-spnego") but not with GSSAPI SPNEGO.
vasek125

vasek125

2013-06-29 16:30

reporter   ~0017606

Downgrading of kerberos packages works too so workaround can be to download krb5-devel-1.9-33.el6_3.3.i686.rpm krb5-libs-1.9-33.el6_3.3.i686.rpm krb5-workstation-1.9-33.el6_3.3.i686.rpm from Centos vault 6.3/updates and do yum downgrade krb5-*. So please fix kerberos libraries or compile the bind package without "--disable-isc-spnego" option so bind embedded spnego will be used.
JHogarth

JHogarth

2014-09-15 08:58

reporter   ~0020911

This has been fixed upstream and will be arriving in the 6.6 update.

https://bugzilla.redhat.com/show_bug.cgi?id=1087068
tigalch

tigalch

2014-10-28 21:10

manager   ~0021434

Solves with the release of 6.6

Issue History

Date Modified Username Field Change
2013-06-28 23:54 vasek125 New Issue
2013-06-29 12:59 vasek125 Note Added: 0017605
2013-06-29 16:30 vasek125 Note Added: 0017606
2014-09-15 08:58 JHogarth Note Added: 0020911
2014-10-28 21:10 tigalch Note Added: 0021434
2014-10-28 21:10 tigalch Status new => resolved
2014-10-28 21:10 tigalch Fixed in Version => 6.6
2014-10-28 21:10 tigalch Resolution open => fixed