GSS-TSIG and Active Directory
Nicholas F Miller
Nicholas.Miller at Colorado.EDU
Fri Oct 1 16:05:42 UTC 2010
Updating to 9.7.2-P2 seems to be working. Of course it is not working exactly like we think it should. When we have a things set like this:
deny <DOMAIN> ms-self * SRV AAAA;
grant <DOMAIN> ms-self * ANY;
Nothing will update. When we set it like this:
deny <DOMAIN> ms-self * SRV;
grant <DOMAIN> ms-self * ANY;
Things seem to work when a client reboots.
When we try to add grants for the DCs like this:
grant <fqn of dc> ms-self * ANY;
grant <fqn of dc> ms-subdomain * ANY;
deny <DOMAIN> ms-self * SRV;
grant <DOMAIN> ms-self * ANY;
The DCs cannot update their SRV records.
_________________________________________________________
Nicholas Miller, ITS, University of Colorado at Boulder
On Oct 1, 2010, at 7:00 AM, Nicholas F Miller wrote:
> Thanks, I'll give it a try and see if things begin to work.
> _________________________________________________________
> Nicholas Miller, ITS, University of Colorado at Boulder
>
>
>
> On Sep 30, 2010, at 10:15 AM, Tony Finch wrote:
>
>> On Thu, 30 Sep 2010, Nicholas F Miller wrote:
>>
>>> Does anyone actually have GSS-TSIG working with an Active Directory?
>>
>> There are some GSS-TSIG interop fixes in 9.7.2.
>>
>> Tony.
>> --
>> f.anthony.n.finch <dot at dotat.at> http://dotat.at/
>> HUMBER THAMES DOVER WIGHT PORTLAND: NORTH BACKING WEST OR NORTHWEST, 5 TO 7,
>> DECREASING 4 OR 5, OCCASIONALLY 6 LATER IN HUMBER AND THAMES. MODERATE OR
>> ROUGH. RAIN THEN FAIR. GOOD.
>
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
More information about the bind-users
mailing list