Yet another GSS-TSIG thread for BIND9 with AD
Vinícius Ferrão
ferrao at versatushpc.com.br
Sat Jun 13 02:16:01 UTC 2020
Hi Tim, sorry foi the delayed answer, but the message was gone to the spam folder.
I tried with your settings but the results were the same:
==> /var/log/named/update.log <==
12-Jun-2020 23:14:42.767 client @0x7f2c580a1ca0 192.0.2.11#55332: updating zone 'local.example.com/IN':<http://local.example.com/IN':> prerequisites are OK
12-Jun-2020 23:14:42.767 client @0x7f2c580a1ca0 192.0.2.11#55332: updating zone 'local.example.com/IN':<http://local.example.com/IN':> rolling back
==> /var/log/named/default.log <==
12-Jun-2020 23:14:42.767 client @0x7f2c580a1ca0 192.0.2.11#55332: update 'local.example.com/IN’<http://local.example.com/IN’> denied
On 24 May 2020, at 02:39, Tim Maestas <tmaestas95 at gmail.com<mailto:tmaestas95 at gmail.com>> wrote:
On Sat, May 23, 2020 at 12:19 PM Vinícius Ferrão via bind-users <bind-users at lists.isc.org<mailto:bind-users at lists.isc.org>> wrote:
grant * subdomain local.example.com<http://local.example.com/>. ANY;
};
};
I use:
grant LOCAL.EXAMPLE.COM<http://local.example.com/> ms-self .;
...for my domain joined members and
grant HOSTNAME$@LOCAL.EXAMPLE.COM<http://local.example.com/> subdomain local.example.com<http://local.example.com/> ANY;
....for my domain controllers.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20200613/8bf043d2/attachment.htm>
More information about the bind-users
mailing list