nsupdate & kerberos

Glenn Satchell glenn.satchell at uniq.com.au
Mon Jan 23 10:38:07 UTC 2012


Sounds like named / dns configuration issue - you might do better 
posting to the BINS Users mailing list?

regards,
-glenn

On 01/23/12 21:21, Smith Bill wrote:
> Hi
>
> I am trying to get nsupdate with the parameter –g to update a Microsoft
> DNS Server. I have the following configuration:
>
> I have a user setup in the Microsoft AD and this user is a member of DNS
> Admins (I have also explicitly assigned DNS rights to this user).
>
> I have created a keytab file in Windows using the following command:
>
> Ktpass –out c:\ddns1.keytab –princ DNS/W2K8DC.DHCPTEST.COM at DHCPTEST.COM
> <mailto:DNS/W2K8DC.DHCPTEST.COM at DHCPTEST.COM> –pass <password> -mapuser
> ddns1 at DHCPTEST.COM <mailto:ddns1 at DHCPTEST.COM> –ptype KRB5_NT_PRINCIPAL
> –crypto AES256-SHA1 –mapop set
>
> I have all the domains set in krb5.conf
>
> The keytab file is sent via ftp to the Linux Fedora 15 DHCP server.
>
> I have used the command kinit –f –k –t /home/bill/ddns1.keytab
> DNS/W2K8DC.DHCPTEST.COM at DHCPTEST.COM
> <mailto:DNS/W2K8DC.DHCPTEST.COM at DHCPTEST.COM>
>
> I have received a ticket and it is stored in the file referenced by
> KRB5CCNAME.
>
> I use nsupdate –g
>
> When I use the send command I am getting :
>
> GSSAPI error: Major = Unspecified GSS failure. Minor code may provide
> more information, Minor = Server not found in Kerberos database.
>
> Do I need to configure anything else on the Windows side? If not, what
> is going wrong???
>
> Thanks for your time.
>
> Regards
>
> Bill Smith
>
> Senior Solutions Architect
>
> Architecture & Design H&NS North
>
> Fujitsu Services
>
> Tel: 07867 821165
>
> Email:bill.smith at uk.fujitsu.com
>
>
> Unless otherwise stated, this email has been sent from Fujitsu Services
> Limited, from Fujitsu (FTS) Limited, or from Fujitsu Telecommunications
> Europe Limited, together "Fujitsu".
>
> This email is only for the use of its intended recipient. Its contents
> are subject to a duty of confidence and may be privileged. Fujitsu does
> not guarantee that this email has not been intercepted and amended or
> that it is virus-free.
>
> Fujitsu Services Limited, registered in England No 96056, registered
> office 22 Baker Street, London W1U 3BW.
>
> Fujitsu (FTS) Limited, registered in England No 03808613, registered
> office 22 Baker Street, London W1U 3BW.
>
> Fujitsu Telecommunications Europe Limited, registered in England No
> 2548187, registered office Solihull Parkway, Birmingham Business Park,
> Birmingham, B37 7YU.
>
>



More information about the dhcp-users mailing list