nsupdate & kerberos

Smith Bill Bill.Smith at uk.fujitsu.com
Mon Jan 23 10:21:47 UTC 2012


Hi

 

I am trying to get nsupdate with the parameter -g to update a Microsoft
DNS Server. I have the following configuration: 

 

I have a user setup in the Microsoft AD and this user is a member of DNS
Admins (I have also explicitly assigned DNS rights to this user).

 

I have created a keytab file in Windows using the following command:

 

Ktpass -out c:\ddns1.keytab -princ DNS/W2K8DC.DHCPTEST.COM at DHCPTEST.COM
-pass <password> -mapuser ddns1 at DHCPTEST.COM -ptype KRB5_NT_PRINCIPAL
-crypto AES256-SHA1 -mapop set

 

I have all the domains set in krb5.conf

 

The keytab file is sent via ftp to the Linux Fedora 15 DHCP server.

 

I have used the command kinit -f -k -t /home/bill/ddns1.keytab
DNS/W2K8DC.DHCPTEST.COM at DHCPTEST.COM

 

I have received a ticket and it is stored in the file referenced by
KRB5CCNAME.

 

I use nsupdate -g

 

When I use the send command I am getting :

 

GSSAPI error: Major = Unspecified GSS failure.  Minor code may provide
more information, Minor = Server not found in Kerberos database.

 

Do I need to configure anything else on the Windows side? If not, what
is going wrong???

 

Thanks for your time.

 

Regards

 

Bill Smith

Senior Solutions Architect

Architecture & Design H&NS North

Fujitsu Services

Tel: 07867 821165

Email:bill.smith at uk.fujitsu.com

 

 


Unless otherwise stated, this email has been sent from Fujitsu Services Limited, from Fujitsu (FTS) Limited, or from Fujitsu Telecommunications Europe Limited, together "Fujitsu".
 
This email is only for the use of its intended recipient.  Its contents are subject to a duty of confidence and may be privileged.  Fujitsu does not guarantee that this email has not been intercepted and amended or that it is virus-free.

Fujitsu Services Limited, registered in England No 96056, registered office 22 Baker Street, London W1U 3BW.

Fujitsu (FTS) Limited, registered in England No 03808613, registered office 22 Baker Street, London W1U 3BW.

Fujitsu Telecommunications Europe Limited, registered in England No 2548187, registered office Solihull Parkway, Birmingham Business Park, Birmingham, B37 7YU.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20120123/cd2250bb/attachment.html>


More information about the dhcp-users mailing list