GSS-TSIG and MS 2003 server
Danny Mayer
mayer at gis.net
Thu Oct 18 01:44:34 UTC 2007
Adam Tkac wrote:
> On Sun, Oct 14, 2007 at 12:55:51AM -0400, Danny Mayer wrote:
>> Adam Tkac wrote:
>>> Hi,
>>>
>>> does anybody know if is possible do GSS-TSIG DDNS update with
>>> nsupdate to MS 2003 server? I always get REFUSED from MS server.
>>> Or this functionality still doesn't work :(
>>>
>>> Adam
>> What exactly do you mean by REFUSED? Is this nsupdate telling you
>> refused? Is it the standard "connection refused" message, ie
>> nothing listening on that node at that port, is it MS 2003 server
>> logging a REFUSED message in the event log?
>>
>> Can you post the actual message and where's it's coming from?
>>
>> Danny
>>
>
> I got dynamic update response from server with reply code 5 (=
> REFUSED). Also in M$ server logfile is logged response with REFUSED
> reply code. I have network traces (libpcap format, analyzable with
> wireshark/ethereal) on my website
> (http://people.redhat.com/atkac/{samba,samba.machine,nsupdate}). If
> you are interested in them samba is standard DDNS update with
> Administrator principal, samba.machine with machine principal and
> nsupdate with Administrator principal (sended with modified nsupdate
> because I want send same query like samba).
>
> Adam
>
It would be interesting to crank up the Kerberos debug level on the AD
server and find out the specifics of the refused message.
Danny
More information about the bind-workers
mailing list