[Freeipa-users] automatic dns update failing

Marco Pizzoli marco.pizzoli at gmail.com
Sun Feb 19 20:36:08 UTC 2012


On Sun, Feb 19, 2012 at 8:47 PM, Simo Sorce <simo at redhat.com> wrote:

> On Sun, 2012-02-19 at 17:23 +0100, Marco Pizzoli wrote:
> > Hi,
> > During my setup today I'm always failing in enrolling clients with
> > automatic dns updates.
> > I'm playing with FreeIPA 2.1.90, but I guess this is a general
> > problem, not strictly due to the alpha version.
> >
> > I'm doing an "ipa-client-install --enable-dns-updates" and at the
> > console I see:
> > Failed to update DNS A record. (Command '/usr/bin/nsupdate
> > -g /etc/ipa/.dns_update.txt' returned non-zero exit status 2)
> >
> > I see in server logs that named refuses it:
> > Feb 19 17:05:25 freeipa01 named[2089]: client 192.168.20.112#38558:
> > update 'internet.unix.mydomain.it/IN' denied
> > Feb 19 17:05:25 freeipa01 named[2089]: client 192.168.20.112#40809:
> > update 'internet.unix.mydomain.it/IN' denied
> >
> > What is the cause? What other information do you need about my
> > deployment?
>
> Did you install freeipa with the --setup-dns option ?
> And does your client use the freeipa dns server in that case ?
>
> If either answer is no, it is normal to see the update fail as a non
> freeipa dns server wouldn't be able to accept the update (unless you
> manually configured the external server to handle GSS-TSIG updates).
>
> If both answers are yes then we may need to activate debug logging in
> named, as it is supposed to work.
>

Yes to both.
Please let me know the best way to do it and I will follow it.

-----------

I already found a bug with the web ui. I'll send another mail in a few
minutes.


>
> Simo.
>
> --
> Simo Sorce * Red Hat, Inc * New York
>
>