Den 13 mars 2018 12:09 skrev "Max DiOrio" <mdiorio(a)gmail.com>:
Is your dns server set to secure updates only?
Yes it is and as is should be.
I've filed a bugreport on the package at Ubunts launchpad so hopefully it
gets resolved before release of 18.04.
On Tue, Mar 13, 2018, 5:40 AM Roger Martensson <roger.martensson(a)gmail.com>
> After som serious digging I caved in and upgraded dnsutils on my Ubuntu.
> Seems that the future Ubuntu 18.04 has a non-working install of nsupdate.
> When upgrading to version 9.12 nsupdate (using ISC PPA) everything
> started to work.
> 2018-03-09 19:24 GMT+01:00 Roger Martensson <roger.martensson(a)gmail.com>:
>> Setup: Ubuntu 18.04 (future), SSSD 1.16.0, nsupdate/bind: 9.11.2.P1,
>> 2008R2 DC/DNS
>> I need some help and guidance with troubleshooting nsupdate-problems.
>> I get the famous "TSIG error with server: tsig verify failure" when
>> trying to update my A-record against our Microsoft DNS.
>> I get the error in sssd-logs and the same error when running nsupdate
>> manually with the same input as found in the logs (when cranking up debug
>> I have tried with client keytab and with a user that I know have
>> permission to update. (nsupdate with -g)
>> SSSD is fully configured and I can do user lookups and logins.
>> ldapsearch agains different domains in the forest with -Y GSSAPI works
>> without problem.
>> Our setup is a domain forest where the clients are in the subdomain and
>> the DNS is in the parent domain. Parent DNS domain and subdomains is in the
>> same Zone and has Secure Only updates enabled.
>> Anyone have any ideas what I can do next to troubleshoot this issue?
> sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org