[Freeipa-users] nsupdate refused
Jakub Hrozek
jhrozek at redhat.com
Sun Apr 28 17:50:47 UTC 2013
On Sat, Apr 27, 2013 at 02:34:27PM -0430, Loris Santamaria wrote:
> Hi
>
> On Sat, 27-04-2013 at 10:35 -0400, Guy Matz wrote:
> > Hi! Anyone out there know how to get nsupdate to work with an IPA
> > controlled DNS server? I have followed the instructions at
> > http://freeipa.org/page/Dynamic_updates_with_GSS-TSIG in an attempt to
> > get a single machine to be able to perform any update, and have this as
> > one of the entries in my "bind update policy":
> > grant SERVICE\047foreman.collmedia.net@COLLMEDIA.NET wildcard * ANY;
>
> Your zone update policy should include something like "grant
> host/\047foreman.collmedia.net@COLLMEDIA.NET wildcard * ANY;"
>
> After that on foreman.collmedia.net you should call kinit followed by
> nsupdate:
>
> # kinit -k host/foreman.collmedia.net
> # nsupdate -g
>
Also, the SSSD logs at a high debug level (7+ IIRC) include the full
nsupdate message that might come in handy when troubleshooting.
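
A check for the identity mismatch discussed in this thread, as an added example that is not part of the original messages: it decodes the `\DDD` escapes in update-policy identities (decimal per RFC 1035, so `\047` is `/`) and lists the rules that name a given Kerberos principal. The policy string is constructed from the first grant quoted above plus a hypothetical host rule, and exact comparison of the decoded identity with the principal is an assumption about how the server matches.

```python
import re

# Constructed sample: the first rule is the grant quoted in the thread, the
# second is a hypothetical rule for the host principal used with kinit -k.
SAMPLE_POLICY = (
    r"grant SERVICE\047foreman.collmedia.net@COLLMEDIA.NET wildcard * ANY; "
    r"grant host\047foreman.collmedia.net@COLLMEDIA.NET wildcard * ANY;"
)

_ESCAPE = re.compile(r"\\(\d{3})|\\(.)")


def decode_identity(text):
    """Decode RFC 1035 master-file escapes: \\DDD is a decimal octet, \\X is X."""
    def repl(m):
        if m.group(1) is not None:
            value = int(m.group(1), 10)
            if value > 255:
                raise ValueError(f"escape out of range: \\{m.group(1)}")
            return chr(value)
        return m.group(2)
    return _ESCAPE.sub(repl, text)


def parse_policy(policy):
    """Split an update-policy string into rules, one per ';'-terminated statement."""
    rules = []
    for stmt in filter(None, (s.strip() for s in policy.split(";"))):
        fields = stmt.split()
        if len(fields) < 3 or fields[0] not in ("grant", "deny"):
            raise ValueError(f"unrecognised rule: {stmt!r}")
        rules.append({
            "action": fields[0],
            "identity": decode_identity(fields[1]),
            "ruletype": fields[2],
            "rest": fields[3:],
        })
    return rules


def rules_for(policy, principal):
    """Return the rules whose decoded identity equals the given principal (assumed exact match)."""
    return [r for r in parse_policy(policy) if r["identity"] == principal]


if __name__ == "__main__":
    for rule in parse_policy(SAMPLE_POLICY):
        print(rule["action"], rule["identity"], rule["ruletype"], *rule["rest"])
    print(rules_for(SAMPLE_POLICY, "host/foreman.collmedia.net@COLLMEDIA.NET"))
```

Run it against the real policy string and the principal shown by `klist` on the client; an empty result means no rule names that principal.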