This is a follow up to my previous post on how to install a Samba 4 enabled Active Directory system with Bind DLZ dynamic zones, dynamic DNS updates from Windows clients and how to assign a static RPC port to Windows services.
As of today, the Bind rebuild requirement to enable back ISC SPNEGO is not required anymore. With the help & time of Simo Sorce from Redhat the fix was pushed to the base Kerberos 5 libraries. You can now use the stock Bind to enable dynamic updates in all the current Fedora releases (19, 20 and Rawhide). Just make sure to have the Kerberos 5 libraries equal or greater than these versions:
You can download these from here, if they are not yet in the repositories. Then, to re-align the Bind version to your current Fedora release just issue a
yum distro-sync bind*, restart all services and you’re good to go.
Thank you very much to Simo Sorce for helping on this.