That is how I created my keytab as well.
It is interesting, when I try an update from a client all I get are denies.
When I try an update using nsupdate -g from the DNS server I will get a REFUSED
but I will also get a DNS/h...@domain kerb ticket from the keytab.
At Fri, 1 Oct 2010 07:05:40 -0600, Nicholas F Miller wrote:
It is interesting, when I try an update from a client all I get are
denies. When I try an update using nsupdate -g from the DNS server I
will get a REFUSED but I will also get a DNS/h...@domain kerb ticket
from the keytab.
It might
Sorry, I spent most of the last two weeks locked in a conference room
and mostly off net, still catching up.
At Mon, 27 Sep 2010 07:54:54 -0600, Nicholas F Miller wrote:
DNS Standard query TKEY
472-ms-7.32-1772bef1.ddfb6613-c726-11df-dfa0-005056a22c3e
Queries
Do you need anything other than libgssapi installed for GSS-TSIG to work. Are
any of these required as well:
cyrus-sasl-gssapi.i386 2.1.22-5.el5_4.3 rhel-x86_64-client-5
cyrus-sasl-gssapi.x86_64 2.1.22-5.el5_4.3 rhel-x86_64-client-5
libgssapi.i386
Are you sure? ;-P
I can't seem to get things working. It looks like the Windows machines are not
happy with the TKEY the DCs are giving them. I can kinit a user account from
the AD on the DNS server so our krb5.conf appears correct. I am getting errors
when I run kinit -k -t /etc/krb5.keytab
A small correction:
The packets captured below were between one of the DCs and the DNS server not a
client.
Also, I am getting this as well when I run nsupdate -g and try to add an A
record:
dns_tkey_negotiategss: TKEY is unacceptable
_
At Fri, 17 Sep 2010 09:17:09 -0600, Nicholas F Miller wrote:
I was wondering if it is possible to use the tkey-gssapi-credential
and update-policy on a Windows install of bind. It strikes me that
running bind on a Windows server, snapped into the AD it will serve
DNS to, should be the
Thanks, that will save me a bunch of time. Of course I spent my morning testing
it out to no avail.
Does anyone have instructions on how to setup a Linux bind server to use
GSS-TSIG against an AD? I have found many articles from people having issues
with it but none that had good instructions
At Fri, 17 Sep 2010 13:18:42 -0600, Nicholas F Miller wrote:
Does anyone have instructions on how to setup a Linux bind server to
use GSS-TSIG against an AD? I have found many articles from people
having issues with it but none that had good instructions on how to
get it working. Last year
9 matches
Mail list logo