On Sat, Apr 27, 2013 at 02:34:27PM -0430, Loris Santamaria wrote: > Hi > > El sáb, 27-04-2013 a las 10:35 -0400, Guy Matz escribió: > > Hi! Anyone out there know how to get nsupdate to work with an IPA > > controlled DNS server? I have followed the instructions at > > http://freeipa.org/page/Dynamic_updates_with_GSS-TSIG in an attempt to > > get a single machine to be able to perform any update, and have this as > > one of the entries in my "bind update policy": > > grant SERVICE\[email protected] wildcard * ANY; > > Your zone update policy should include something like "grant > host/\[email protected] wildcard * ANY;" > > After that on foreman.collmedia.net you should call kinit followed by > nsupdate: > > # kinit -k host/foreman.collmedia.net > # nsupdate -g >
Also the SSSD logs on a high debug level (7+ IIRC) include the full nsupdate message that might come handy when troubleshooting. _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
