GSS-TSIG and MS 2003 server

Rob Austein Rob_Austein at isc.org
Thu Oct 11 18:10:08 UTC 2007


At Thu, 11 Oct 2007 19:51:26 +0200, Adam Tkac wrote:
> 
> does anybody know if is possible do GSS-TSIG DDNS update with
> nsupdate to MS 2003 server? I always get REFUSED from MS server. Or
> this functionality still doesn't work :(

Hmm, we were focused primarily on MS clients being able to update
named using DDNS with GSS-TSIG, and we had that working in our lab.
We also had nsupdate being able to update named using GSS-TSIG (BIND
client talking to BIND server).  I no longer recall whether we tested
nsupdate talking to MS server.

My guess, and it's just a guess based on the other tests, is that the
GSS-TSIG code itself works, and this is really an authorization
problem off in Microsoft-land.  nsupdate is just a DDNS client with
GSS-TSIG support, it's not an Active Directory client, doesn't speak
LDAP, etc.


More information about the bind-workers mailing list