Hi El sáb, 27-04-2013 a las 10:35 -0400, Guy Matz escribió: > Hi! Anyone out there know how to get nsupdate to work with an IPA > controlled DNS server? I have followed the instructions at > http://freeipa.org/page/Dynamic_updates_with_GSS-TSIG in an attempt to > get a single machine to be able to perform any update, and have this as > one of the entries in my "bind update policy": > grant SERVICE\[email protected] wildcard * ANY;
Your zone update policy should include something like "grant host/\[email protected] wildcard * ANY;" After that on foreman.collmedia.net you should call kinit followed by nsupdate: # kinit -k host/foreman.collmedia.net # nsupdate -g Hope this helps. > and dynamic update is set to true, but still I get this in > /var/log/messages on my IPA server when attempting an update from the > foreman server in the grant statement above: > ipadevmstr named[27956]: client 192.168.8.113#60749: updating zone > 'collmedia.net/IN': update failed: rejected by secure update (REFUSED) > > Any help is greatly appreciated! > > Thanks, > Guy > > _______________________________________________ > Freeipa-users mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/freeipa-users -- Loris Santamaria linux user #70506 xmpp:[email protected] Links Global Services, C.A. http://www.lgs.com.ve Tel: 0286 952.06.87 Cel: 0414 095.00.10 sip:[email protected] ------------------------------------------------------------ "If I'd asked my customers what they wanted, they'd have said a faster horse" - Henry Ford
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
