nsupdate & kerberos

[Glenn Satchell]

sorry, that's bind-users at lists.isc.org  :)

regards,
-glenn

On 01/23/12 21:38, Glenn Satchell wrote:
> Sounds like named / dns configuration issue - you might do better
> posting to the BINS Users mailing list?
>
> regards,
> -glenn
>
> On 01/23/12 21:21, Smith Bill wrote:
>> Hi
>>
>> I am trying to get nsupdate with the parameter –g to update a Microsoft
>> DNS Server. I have the following configuration:
>>
>> I have a user setup in the Microsoft AD and this user is a member of DNS
>> Admins (I have also explicitly assigned DNS rights to this user).
>>
>> I have created a keytab file in Windows using the following command:
>>
>> Ktpass –out c:\ddns1.keytab –princ DNS/W2K8DC.DHCPTEST.COM at DHCPTEST.COM
>> <mailto:DNS/W2K8DC.DHCPTEST.COM at DHCPTEST.COM> –pass <password> -mapuser
>> ddns1 at DHCPTEST.COM <mailto:ddns1 at DHCPTEST.COM> –ptype KRB5_NT_PRINCIPAL
>> –crypto AES256-SHA1 –mapop set
>>
>> I have all the domains set in krb5.conf
>>
>> The keytab file is sent via ftp to the Linux Fedora 15 DHCP server.
>>
>> I have used the command kinit –f –k –t /home/bill/ddns1.keytab
>> DNS/W2K8DC.DHCPTEST.COM at DHCPTEST.COM
>> <mailto:DNS/W2K8DC.DHCPTEST.COM at DHCPTEST.COM>
>>
>> I have received a ticket and it is stored in the file referenced by
>> KRB5CCNAME.
>>
>> I use nsupdate –g
>>
>> When I use the send command I am getting :
>>
>> GSSAPI error: Major = Unspecified GSS failure. Minor code may provide
>> more information, Minor = Server not found in Kerberos database.
>>
>> Do I need to configure anything else on the Windows side? If not, what
>> is going wrong???
>>
>> Thanks for your time.
>>
>> Regards
>>
>> Bill Smith
>>
>> Senior Solutions Architect
>>
>> Architecture & Design H&NS North
>>
>> Fujitsu Services
>>
>> Tel: 07867 821165
>>
>> Email:bill.smith at uk.fujitsu.com
>>
>>