On 21/05/14 22:14, Jakub Hrozek wrote:
On Wed, May 21, 2014 at 09:07:23PM +0200, steve wrote:
>>>> So why does nsupdate work but sssd doesn't?
>>>
>>> Can you show me how you invoke nsupdate manually?
>>> (sssd just invokes nsupdate itself, so it must be some difference in the
>>> command file I guess).
>>>
>>> Simo.
>>>
>>
>> Ah just saw this in your other reply:
>>
>> steve@lubuntu-laptop:/tmp$ nsupdate -g -d
>> > server 192.168.1.16
>> > realm HH3.SITE
>> > update delete lubuntu-laptop.hh3.site 3600 A
>> > update add lubuntu-laptop.hh3.site 3600 A 192.168.1.22
>> > send
>>
>> So I guess the trick is finding out what sssd puts in the 'server'
>> field, I suspect it puts the AD DC name, and then nsupdate somehow has
>> issues resolving which DNS server that refers to ..
>>
>> If you raise the SSSD debug level to include SSSDBG_TRACE_FUNC messages
>> you should see a dump of the generated nsupdate msg file. Then you can
>> use it manually with nsupdate to find out what breaks in your setup.
>>
>> simo.
>>
> Hi
> OK. How do I 'include SSSDBG_TRACE_FUNC messages'?
>
> The thing is that 1.11.5 works fine with our openSUSE clients but
> not with the package which comes with Ubuntu 14.04. Anyway, we would
> like to know why.
> Thanks.
> Steve

Put debug_level=7 (or higher, up to 10) in the [domain] section of
sssd.conf and run the test case again.
The logs should then include the full nsupdate message.
Also, did you kinit as the same principal the SSSD uses? Typically we'd
use shortname$@realm. That should be visible from the logs as well.

Hi
sssd sends:
update add lubuntu-laptop. 3600 in A 192.168.1.22
this fails with the short hostname, dot or no dot.
It works with nsupdate manually only with the fqdn:
update add lubuntu-laptop.hh3.site 3600 A 192.168.1.22
Can we get sssd to send the fqdn rather than the short hostname?
Cheers,
Steve
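
An added example, not part of the original thread: a small check that reads an nsupdate message (for instance the one dumped in the SSSD debug log, or a pasted interactive session) and flags `add`/`delete` lines whose owner name is a single label, which is the difference between the failing and working updates reported above. The function names and the two sample messages are constructed for illustration from the lines quoted in the thread.

```python
# Constructed sample: the update line the thread reports SSSD sending.
SSSD_MSG = """\
update add lubuntu-laptop. 3600 in A 192.168.1.22
send
"""

# Constructed sample: the manual nsupdate session quoted in the thread,
# including the interactive "> " prompt.
MANUAL_MSG = """\
> server 192.168.1.16
> realm HH3.SITE
> update delete lubuntu-laptop.hh3.site 3600 A
> update add lubuntu-laptop.hh3.site 3600 A 192.168.1.22
> send
"""


def owner_names(msg):
    """Yield (line_no, action, owner) for each add/delete line."""
    for no, raw in enumerate(msg.splitlines(), 1):
        # Drop an interactive prompt and surrounding whitespace.
        words = raw.lstrip("> \t").split()
        if words and words[0].lower() == "update":
            words = words[1:]  # nsupdate treats the "update" keyword as optional
        if len(words) >= 2 and words[0].lower() in ("add", "delete", "del"):
            yield no, words[0].lower(), words[1]


def is_single_label(name):
    """True for 'host' or 'host.', False for 'host.example.site'."""
    return "." not in name.rstrip(".")


def short_owners(msg):
    """Return the add/delete entries whose owner name is not an FQDN."""
    return [(no, act, name) for no, act, name in owner_names(msg)
            if is_single_label(name)]


if __name__ == "__main__":
    for label, msg in (("sssd", SSSD_MSG), ("manual", MANUAL_MSG)):
        hits = short_owners(msg)
        print(label, "short owner names:", hits if hits else "none")
```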