On 20.5.2015 17:38, Brian Koontz wrote:
> Running FreeIPA 4.1.4, Fedora 21. Trying to get dynamic DNS updates on
> clients to work following these instructions:
>
> http://www.freeipa.org/page/Howto/DNS_updates_and_zone_transfers_with_TSIG
>
> (Using GSS-TSIG isn't an option because I have no way of authenticating
> every time a client IP changes.)
Generally, GSS-TSIG with Kerberos should not be affected by changes in
client's IP address and is strongly recommended over TSIG.
> I've reread the instructions several times, but each time I get "update
> failed: REFUSED". Logs aren't showing anything useful other than the query
> is being refused. Is this document missing an important step?
Yes, thank you for catching this!
I added 'ipa dnszone-mod --dynamic-update=1' command to the how-to:
http://www.freeipa.org/page/Howto/DNS_updates_and_zone_transfers_with_TSIG#Server
> (I saw no
> need to create a DNS/ service as there should be no krb5 authentication
> involved here...)
This is correct assumption, you should not need it.
Thank you for your time!
--
Petr^2 Spacek
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project