GSS-TSIG and MS 2003 server
Rob Austein
Rob_Austein at isc.org
Thu Oct 11 18:10:08 UTC 2007
At Thu, 11 Oct 2007 19:51:26 +0200, Adam Tkac wrote:
>
> does anybody know if is possible do GSS-TSIG DDNS update with
> nsupdate to MS 2003 server? I always get REFUSED from MS server. Or
> this functionality still doesn't work :(
Hmm, we were focused primarily on MS clients being able to update
named using DDNS with GSS-TSIG, and we had that working in our lab.
We also had nsupdate being able to update named using GSS-TSIG (BIND
client talking to BIND server). I no longer recall whether we tested
nsupdate talking to MS server.
My guess, and it's just a guess based on the other tests, is that the
GSS-TSIG code itself works, and this is really an authorization
problem off in Microsoft-land. nsupdate is just a DDNS client with
GSS-TSIG support, it's not an Active Directory client, doesn't speak
LDAP, etc.
More information about the bind-workers
mailing list