On Tue, 2013-04-30 at 12:08 -0400, Guy Matz wrote:
> hi! Anyone out there gotten Dynamic DNS freeipa-managed DNS server?
> I've been trying for days following instructions from various freeipa
> and redhat docs! I've set up keytabs, set up /etc/rndc.key, set
> Dynamic update to True and put the following in my BIND update policy:
> grant host\047foreman.collmedia....@collmedia.net wildcard * ANY;
> grant host\047ipadevmstr.collmedia....@collmedia.net wildcard * ANY;

This looks good, you've put these in LDAP, right? Can you show the
attributes as retrieved from an ldapsearch just to check the formatting
is correct?

> I keep getting:
>
> # nsupdate -g a_update
> update failed: REFUSED
> update failed: REFUSED
> [root@ipadevmstr ~]# cat a_update
> server ipadevmstr.collmedia.net
> zone collmedia.net.
> update add client.collmedia.net. 86400 IN A
> 192.168.8.120
> send
> update delete client.collmedia.net. IN A
> send

Shouldn't you delete first, add second?

> tail /var/log/messages
> Apr 30 11:52:32 ipadevmstr named[9349]: client 192.168.8.111#26141:
> query: collmedia.net IN SOA - (192.168.8.111)
> Apr 30 11:52:32 ipadevmstr named[9349]: client 192.168.8.111#37600:
> query: 692300375.sig-ipadevmstr.collmedia.net ANY TKEY -T (192.168.8.111)
> Apr 30 11:52:32 ipadevmstr named[9349]: client 192.168.8.111#52609:
> updating zone 'collmedia.net/IN': update failed: rejected by secure
> update (REFUSED)
> Apr 30 11:52:32 ipadevmstr named[9349]: client 192.168.8.111#26141:
> query: collmedia.net IN SOA - (192.168.8.111)
> Apr 30 11:52:32 ipadevmstr named[9349]: client 192.168.8.111#40423:
> query: 718499086.sig-ipadevmstr.collmedia.net ANY TKEY -T (192.168.8.111)
> Apr 30 11:52:32 ipadevmstr named[9349]: client 192.168.8.111#37000:
> updating zone 'collmedia.net/IN': update failed: rejected by secure
> update (REFUSED)

Something seems wrong with the Access Control policy ...

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
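
Added example, not part of the original thread and not FreeIPA or BIND code: a small Python check for the formatting question raised in the reply above. It lints update policy strings of the shape quoted in the message. The host names and realm are constructed, and treating a realm that is not upper-case as a finding is an assumption based on the usual Kerberos convention (realm names are case-sensitive).

```python
import re

# Rule shape quoted in the thread: grant <identity> <ruletype> <name> <types>
RULE = re.compile(r"^(grant|deny)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S.*)$")

def decode_ddd(text):
    # DNS presentation format writes a byte as backslash + 3 decimal digits,
    # so \047 is '/' (ASCII 47).
    return re.sub(r"\\(\d{3})", lambda m: chr(int(m.group(1))), text)

def lint_policy(policy):
    # Returns a list of (rule_text, problem) tuples; empty means no findings.
    findings = []
    policy = policy.strip()
    if policy and not policy.endswith(";"):
        findings.append((policy, "last rule is not terminated by ';'"))
    for rule in (r.strip() for r in policy.split(";")):
        if not rule:
            continue
        m = RULE.match(rule)
        if not m:
            findings.append((rule, "expected 'grant|deny identity ruletype name types'"))
            continue
        identity = decode_ddd(m.group(2))
        principal, sep, realm = identity.rpartition("@")
        if not sep:
            findings.append((rule, "identity has no @REALM part"))
            continue
        # Assumption: realm is upper-case (Kerberos convention, case-sensitive).
        if realm != realm.upper():
            findings.append((rule, "realm '%s' is not upper-case" % realm))
    return findings

# Constructed sample values, not taken from the thread.
SAMPLE_OK = r"grant host\047client.example.test@EXAMPLE.TEST wildcard * ANY;"
SAMPLE_BAD = (r"grant host\047client.example.test@example.test wildcard * ANY; "
              r"grant host\047other.example.test@EXAMPLE.TEST wildcard *")

if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_BAD):
        for rule, problem in lint_policy(sample) or [(sample, "ok")]:
            print("%s\n    -> %s" % (rule, problem))
```

Feed it the policy value exactly as ldapsearch returns it, one attribute value per call.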