Hi

El sáb, 27-04-2013 a las 10:35 -0400, Guy Matz escribió:
> Hi!  Anyone out there know how to get nsupdate to work with an IPA 
> controlled DNS server?  I have followed the instructions at 
> http://freeipa.org/page/Dynamic_updates_with_GSS-TSIG in an attempt to 
> get a single machine to be able to perform any update, and have this as 
> one of the entries in my "bind update policy":
> grant SERVICE\047foreman.collmedia....@collmedia.net wildcard * ANY;

Your zone update policy should include something like "grant
host/\047foreman.collmedia....@collmedia.net wildcard * ANY;"

After that on foreman.collmedia.net you should call kinit followed by
nsupdate:

# kinit -k host/foreman.collmedia.net
# nsupdate -g

Hope this helps.

> and dynamic update is set to true, but still I get this in 
> /var/log/messages on my IPA server when attempting an update from the 
> foreman server in the grant statement above:
> ipadevmstr named[27956]: client 192.168.8.113#60749: updating zone 
> 'collmedia.net/IN': update failed: rejected by secure update (REFUSED)
> 
> Any help is greatly appreciated!
> 
> Thanks,
> Guy
> 
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

-- 
Loris Santamaria   linux user #70506   xmpp:lo...@lgs.com.ve
Links Global Services, C.A.            http://www.lgs.com.ve
Tel: 0286 952.06.87  Cel: 0414 095.00.10  sip:1...@lgs.com.ve
------------------------------------------------------------
"If I'd asked my customers what they wanted, they'd have said
a faster horse" - Henry Ford

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to