# TKEY: failure error starting bind



## ednfran (Jan 12, 2010)

I have two servers, servidordominio (Domain Controller, Windows 2003 Server) and servidordns (DNS Server, FreeBSD 8.0). When I install the Bind96 from ports with GSS-TSIG support enabled and try to start the bind server, I got the error:


```
configuring TKEY: failure
loading configuration: failure
exiting (due to fatal error)
```

I have my krb5.conf configured as bellow:


```
[realms]
    clockskew = 300
    default_realm = DOMINIO.COM.BR

[realms]
    DOMINIO.COM.BR = {
        kdc = servidordominio.DOMINIO.COM.BR
        default_domain = DOMINIO.COM.BR
        admin_server = servidordominio.DOMINIO.COM.BR
        kpasswd_server = servidordominio.DOMINIO.COM.BR
    }

[domain_realm]
    .DOMINIO.COM.BR = DOMINIO.COM.BR
```

I have the file krb5.keytab generated by the domain server using

`ktpass -out krb5.keytab -princ [email=DNS/servidordns.domino.com.br@DOMINIO.COM.BR]DNS/servidordns.domino.com.br@DOMINIO.COM.BR[/email] -mapuser [email]servidordns@dominio.com.br[/email] -pass * -ptype KRB5_NT_PRINCIPAL`

in my /etc/ directory.

In my named.conf, I have added the lines:


```
tkey-gssapi-credential "DNS/servidordns.cragroup.ath.cx";
tkey-domain "DOMINIO.COM.BR";
```

in the options section.

How I can fix this error ?

Thanks.


----------

