That is how I created my keytab as well.
It is interesting, when I try an update from a client all I get are denies.
When I try an update using nsupdate -g from the DNS server I will get a REFUSED
but I will also get a DNS/h...@domain kerb ticket from the keytab.
At Fri, 1 Oct 2010 07:05:40 -0600, Nicholas F Miller wrote:
It is interesting, when I try an update from a client all I get are
denies. When I try an update using nsupdate -g from the DNS server I
will get a REFUSED but I will also get a DNS/h...@domain kerb ticket
from the keytab.
It might
Sorry, I spent most of the last two weeks locked in a conference room
and mostly off net, still catching up.
At Mon, 27 Sep 2010 07:54:54 -0600, Nicholas F Miller wrote:
DNS Standard query TKEY
472-ms-7.32-1772bef1.ddfb6613-c726-11df-dfa0-005056a22c3e
Queries
this:
options {
...snip
tkey-gssapi-credential DNS/fqn of the DNS server;
tkey-domain FQN of DOMAIN;
}
update-policy {
grant FQN of DOMAIN ms-self * A;
};
Any ideas? Have I missed something obvious
contains an update-policy like this:
options {
...snip
tkey-gssapi-credential DNS/fqn of the DNS server;
tkey-domain FQN of DOMAIN;
}
update-policy {
grant FQN of DOMAIN ms-self * A;
};
Any ideas? Have I missed
:00:00.0 Mountain
Standard Time
Mode: GSSAPI
Error: Bad key
Key Size: 0
Other Size: 0
The named.conf contains an update-policy like this:
options {
...snip
tkey-gssapi-credential DNS/fqn of the DNS server
I was wondering if it is possible to use the tkey-gssapi-credential and
update-policy on a Windows install of bind. It strikes me that running bind on
a Windows server, snapped into the AD it will serve DNS to, should be the
easiest way of getting DDNS with update-policy control working.
Am I
At Fri, 17 Sep 2010 09:17:09 -0600, Nicholas F Miller wrote:
I was wondering if it is possible to use the tkey-gssapi-credential
and update-policy on a Windows install of bind. It strikes me that
running bind on a Windows server, snapped into the AD it will serve
DNS to, should
of Colorado at Boulder
On Sep 17, 2010, at 12:54 PM, Rob Austein wrote:
At Fri, 17 Sep 2010 09:17:09 -0600, Nicholas F Miller wrote:
I was wondering if it is possible to use the tkey-gssapi-credential
and update-policy on a Windows install of bind. It strikes me that
running bind
At Fri, 17 Sep 2010 13:18:42 -0600, Nicholas F Miller wrote:
Does anyone have instructions on how to setup a Linux bind server to
use GSS-TSIG against an AD? I have found many articles from people
having issues with it but none that had good instructions on how to
get it working. Last year
10 matches
Mail list logo
