After som serious digging I caved in and upgraded dnsutils on my Ubuntu.
Seems that the future Ubuntu 18.04 has a non-working install of nsupdate.
When upgrading to version 9.12 nsupdate (using ISC PPA) everything started
to work.
2018-03-09 19:24 GMT+01:00 Roger Martensson <roger.martensson(a)gmail.com>:
Hi!
Setup: Ubuntu 18.04 (future), SSSD 1.16.0, nsupdate/bind: 9.11.2.P1,
2008R2 DC/DNS
I need some help and guidance with troubleshooting nsupdate-problems.
I get the famous "TSIG error with server: tsig verify failure" when trying
to update my A-record against our Microsoft DNS.
I get the error in sssd-logs and the same error when running nsupdate
manually with the same input as found in the logs (when cranking up debug
level).
I have tried with client keytab and with a user that I know have
permission to update. (nsupdate with -g)
SSSD is fully configured and I can do user lookups and logins. ldapsearch
agains different domains in the forest with -Y GSSAPI works without problem.
Our setup is a domain forest where the clients are in the subdomain and
the DNS is in the parent domain. Parent DNS domain and subdomains is in the
same Zone and has Secure Only updates enabled.
Anyone have any ideas what I can do next to troubleshoot this issue?