Is your dns server set to secure updates only?

On Tue, Mar 13, 2018, 5:40 AM Roger Martensson <roger.martensson@gmail.com> wrote:
After som serious digging I caved in and upgraded dnsutils on my Ubuntu. Seems that the future Ubuntu 18.04 has a non-working install of nsupdate.
When upgrading to version 9.12 nsupdate (using ISC PPA) everything started to work.

2018-03-09 19:24 GMT+01:00 Roger Martensson <roger.martensson@gmail.com>:
Hi!

Setup: Ubuntu 18.04 (future), SSSD 1.16.0, nsupdate/bind: 9.11.2.P1, 2008R2 DC/DNS

I need some help and guidance with troubleshooting nsupdate-problems.
I get the famous "TSIG error with server: tsig verify failure" when trying to update my A-record against our Microsoft DNS.
I get the error in sssd-logs and the same error when running nsupdate manually with the same input as found in the logs (when cranking up debug level).

I have tried with client keytab and with a user that I know have permission to update. (nsupdate with -g)

SSSD is fully configured and I can do user lookups and logins. ldapsearch agains different domains in the forest with -Y GSSAPI works without problem.

Our setup is a domain forest where the clients are in the subdomain and the DNS is in the parent domain. Parent DNS domain and subdomains is in the same Zone and has Secure Only updates enabled. 

Anyone have any ideas what I can do next to troubleshoot this issue?




_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org