Thanks to both Mark and Nicholas for the help. Unfortunately, still not
able to get this working (BIND 9.8.2 (RHEL 6) & AD 2008R2). It's a case
of AD negotiating a TKEY (successfully), then reverting back to unsigned
updates. If an update's not signed, doesn't matter what your
update-policy
You might try changing your update-policy from:
grant johnmill-dnst...@lab.brandeis.edu zonesub ANY;
grant * zonesub ANY;
to
grant johnmill-dnst...@lab.brandeis.edu zonesub ANY;
grant LAB.BRANDEIS.EDU zonesub ANY;
I’m not positive this is the proper syntax since we don’t use the zonesub
option
See
tkey-gssapi-credential ;
tkey-gssapi-keytab ;
grant ms-subdomain ;
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
___
Please vi
Hi folks,
I'm trying to get our AD domain controllers to update our BIND 9.8.2
servers--specifically for the zone
_msdcs.lab.brandeis.edu.
I've got updates working in general: I can run kinit @REALM (
johnmill-dns-t...@lab.brandeis.edu in this case), then successfully run
nsupdate -g from my des
4 matches
Mail list logo