Is your dns server set to secure updates only?

On Tue, Mar 13, 2018, 5:40 AM Roger Martensson <roger.martens...@gmail.com>
wrote:

> After som serious digging I caved in and upgraded dnsutils on my Ubuntu.
> Seems that the future Ubuntu 18.04 has a non-working install of nsupdate.
> When upgrading to version 9.12 nsupdate (using ISC PPA) everything started
> to work.
>
> 2018-03-09 19:24 GMT+01:00 Roger Martensson <roger.martens...@gmail.com>:
>
>> Hi!
>>
>> Setup: Ubuntu 18.04 (future), SSSD 1.16.0, nsupdate/bind: 9.11.2.P1,
>> 2008R2 DC/DNS
>>
>> I need some help and guidance with troubleshooting nsupdate-problems.
>> I get the famous "TSIG error with server: tsig verify failure" when
>> trying to update my A-record against our Microsoft DNS.
>> I get the error in sssd-logs and the same error when running nsupdate
>> manually with the same input as found in the logs (when cranking up debug
>> level).
>>
>> I have tried with client keytab and with a user that I know have
>> permission to update. (nsupdate with -g)
>>
>> SSSD is fully configured and I can do user lookups and logins. ldapsearch
>> agains different domains in the forest with -Y GSSAPI works without problem.
>>
>> Our setup is a domain forest where the clients are in the subdomain and
>> the DNS is in the parent domain. Parent DNS domain and subdomains is in the
>> same Zone and has Secure Only updates enabled.
>>
>> Anyone have any ideas what I can do next to troubleshoot this issue?
>>
>>
>>
>>
> _______________________________________________
> sssd-users mailing list -- sssd-users@lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
>
_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org

Reply via email to