[Freeipa-users] Unable to enroll new client in DNS
Petr Spacek
pspacek at redhat.com
Thu Oct 22 07:24:09 UTC 2015
On 21.10.2015 22:43, Justin Lambert wrote:
> ;; ANSWER SECTION:
> 2667812275.sig-ipa1.domain.com. 0 ANY TKEY gss-tsig. 0 0 3 BADKEY 0 0
>
> dns_tkey_negotiategss: TKEY is unacceptable
Please consult named logs on server ipa1.domain.com and see if there are any
errors related to dynamic update.
Speaking about GSS-TSIG, one of problems can be clock skew between DNS server
and client.
Also, please add information about package versions:
$ rpm -q bind bind-dyndb-ldap
Thank you.
--
Petr^2 Spacek
More information about the Freeipa-users
mailing list