atom feed3 messages in org.isc.lists.dhcp-usersRe: nsupdate & kerberos
FromSent OnAttachments
Smith BillJan 23, 2012 2:21 am 
Glenn SatchellJan 23, 2012 2:38 am 
Glenn SatchellJan 23, 2012 3:13 am 
Subject:Re: nsupdate & kerberos
From:Glenn Satchell (glen@uniq.com.au)
Date:Jan 23, 2012 3:13:19 am
List:org.isc.lists.dhcp-users

sorry, that's bind@lists.isc.org :)

regards, -glenn

Sounds like named / dns configuration issue - you might do better posting to the BINS Users mailing list?

regards, -glenn

On 01/23/12 21:21, Smith Bill wrote:

Hi

I am trying to get nsupdate with the parameter –g to update a Microsoft DNS Server. I have the following configuration:

I have a user setup in the Microsoft AD and this user is a member of DNS Admins (I have also explicitly assigned DNS rights to this user).

I have created a keytab file in Windows using the following command:

Ktpass –out c:\ddns1.keytab –princ DNS/W2K8@DHCPTEST.COM <mailto:DNS/W2K8@DHCPTEST.COM> –pass <password> -mapuser ddn@DHCPTEST.COM <mailto:ddn@DHCPTEST.COM> –ptype KRB5_NT_PRINCIPAL –crypto AES256-SHA1 –mapop set

I have all the domains set in krb5.conf

The keytab file is sent via ftp to the Linux Fedora 15 DHCP server.

I have used the command kinit –f –k –t /home/bill/ddns1.keytab DNS/W2K8@DHCPTEST.COM <mailto:DNS/W2K8@DHCPTEST.COM>

I have received a ticket and it is stored in the file referenced by KRB5CCNAME.

I use nsupdate –g

When I use the send command I am getting :

GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Server not found in Kerberos database.

Do I need to configure anything else on the Windows side? If not, what is going wrong???

Thanks for your time.

Regards

Bill Smith

Senior Solutions Architect

Architecture & Design H&NS North

Fujitsu Services

Tel: 07867 821165

Email:bill@uk.fujitsu.com