Re: GSS-TSIG and Active Directory

2010-10-05 Thread Nicholas F Miller
Is there a bug in the implementation of the update-policy or do I not have a grasp on how it should work? If I wanted to only allow machines in an Active Directory the ability to update their 'A' records, shouldn't I be able to use a statement like this: update-policy {

Re: GSS-TSIG and Active Directory

2010-10-01 Thread Nicholas F Miller
Yea, it seems that people got it working when the functionality came out but subsequently I haven't seen it working for anyone in a production environment.
Nicholas Miller, ITS, University of Colorado at Boulder
On Sep 30, 2010, at 3:24

Re: GSS-TSIG and Active Directory

2010-10-01 Thread Nicholas F Miller
Thanks, I'll give it a try and see if things begin to work.
Nicholas Miller, ITS, University of Colorado at Boulder
On Sep 30, 2010, at 10:15 AM, Tony Finch wrote:
On Thu, 30 Sep 2010, Nicholas F Miller wrote:
Does anyone actually

Re: GSS-TSIG and Active Directory

2010-10-01 Thread Nicholas F Miller
Updating to 9.7.2-P2 seems to be working. Of course it is not working exactly like we think it should. When we have things set like this:
deny DOMAIN ms-self * SRV;
grant DOMAIN ms-self * ANY;
Nothing will update. When we set it like this:
deny DOMAIN ms-self * SRV;
grant DOMAIN ms-self

Re: GSS-TSIG and Active Directory

2010-10-01 Thread Rob Austein
If you're trying to grant update rights to a specific machine (rather than every machine in the realm), something like:
grant d...@realm. subdomain dnsname.;
might work better, where d...@realm is (e.g.) the Kerberos principal corresponding to your DC and dnsname is the tree to which you want to

Re: GSS-TSIG and Active Directory

2010-10-01 Thread Nicholas F Miller
YES Brilliant Thanks Rob. I think it is working now. I have the update-policy set up as follows:
grant d...@realm wildcard * ANY;
grant d...@realm wildcard * ANY;
grant dns_serv...@realm wildcard * ANY;
deny REALM ms-self *

GSS-TSIG and Active Directory

2010-09-30 Thread Nicholas F Miller
Does anyone actually have GSS-TSIG working with an Active Directory? I see plenty of posts from people trying to get it to work. I have yet to see anyone who claims to actually have it working. Did MS change something in 2008r2 since GSS-TSIG was implemented in BIND to make it inoperable?

Re: GSS-TSIG and Active Directory

2010-09-30 Thread Tony Finch
On Thu, 30 Sep 2010, Nicholas F Miller wrote:
Does anyone actually have GSS-TSIG working with an Active Directory?
There are some GSS-TSIG interop fixes in 9.7.2.
Tony.
--
f.anthony.n.finch d...@dotat.at http://dotat.at/
HUMBER THAMES DOVER WIGHT PORTLAND: NORTH BACKING WEST OR NORTHWEST, 5

Re: GSS-TSIG and Active Directory

2010-09-30 Thread Dave Knight
On 2010-09-30, at 11:24 AM, Nicholas F Miller wrote:
Does anyone actually have GSS-TSIG working with an Active Directory? I see plenty of posts from people trying to get it to work. I have yet to see anyone who claims to actually have it working. Did MS change something in 2008r2 since