[Freeipa-users] nsupdate refused
Loris Santamaria
loris at lgs.com.ve
Sat Apr 27 19:04:27 UTC 2013
Hi
El sáb, 27-04-2013 a las 10:35 -0400, Guy Matz escribió:
> Hi! Anyone out there know how to get nsupdate to work with an IPA
> controlled DNS server? I have followed the instructions at
> http://freeipa.org/page/Dynamic_updates_with_GSS-TSIG in an attempt to
> get a single machine to be able to perform any update, and have this as
> one of the entries in my "bind update policy":
> grant SERVICE\047foreman.collmedia.net at COLLMEDIA.NET wildcard * ANY;
Your zone update policy should include something like "grant
host/\047foreman.collmedia.net at COLLMEDIA.NET wildcard * ANY;"
After that on foreman.collmedia.net you should call kinit followed by
nsupdate:
# kinit -k host/foreman.collmedia.net
# nsupdate -g
Hope this helps.
> and dynamic update is set to true, but still I get this in
> /var/log/messages on my IPA server when attempting an update from the
> foreman server in the grant statement above:
> ipadevmstr named[27956]: client 192.168.8.113#60749: updating zone
> 'collmedia.net/IN': update failed: rejected by secure update (REFUSED)
>
> Any help is greatly appreciated!
>
> Thanks,
> Guy
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
--
Loris Santamaria linux user #70506 xmpp:loris at lgs.com.ve
Links Global Services, C.A. http://www.lgs.com.ve
Tel: 0286 952.06.87 Cel: 0414 095.00.10 sip:103 at lgs.com.ve
------------------------------------------------------------
"If I'd asked my customers what they wanted, they'd have said
a faster horse" - Henry Ford
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6173 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130427/e41e5df3/attachment.bin>
More information about the Freeipa-users
mailing list