Hi Guy! I've been working with this recently - maybe I can help.
Have you enrolled the ipadevmstr.collmedia.net as a service with `ipa service-add DNS/ipadevmstr.collmedia.net`?

On the client, can you `kinit -kt $dnskeytab -p DNS/ipadevmstr.collmedia.net` just fine? You'll have to kinit before you can do `nsupdate -g a_update`.

If all else fails, on the IPA Server, what does your kdc log say in /var/log/krb5kdc.log?

HTH,

Lynn Root
@roguelynn
Associate Software Engineer

On Apr 30, 2013, at 9:08 AM, Guy Matz <[email protected]> wrote:

> hi! Anyone out there gotten Dynamic DNS freeipa-managed DNS server? I've
> been trying for days following instructions from various freeipa and redhat
> docs! I've set up keytabs, set up /etc/rndc.key, set Dynamic update to True
> and put the following in my BIND update policy:
> grant host\[email protected] wildcard * ANY;
> grant host\[email protected] wildcard * ANY;
>
> I keep getting:
>
> # nsupdate -g a_update
> update failed: REFUSED
> update failed: REFUSED
> [root@ipadevmstr ~]# cat a_update
> server ipadevmstr.collmedia.net
> zone collmedia.net.
> update add client.collmedia.net. 86400 IN A 192.168.8.120
> send
> update delete client.collmedia.net. IN A
> send
>
> tail /var/log/messages
> Apr 30 11:52:32 ipadevmstr named[9349]: client 192.168.8.111#26141: query: collmedia.net IN SOA - (192.168.8.111)
> Apr 30 11:52:32 ipadevmstr named[9349]: client 192.168.8.111#37600: query: 692300375.sig-ipadevmstr.collmedia.net ANY TKEY -T (192.168.8.111)
> Apr 30 11:52:32 ipadevmstr named[9349]: client 192.168.8.111#52609: updating zone 'collmedia.net/IN': update failed: rejected by secure update (REFUSED)
> Apr 30 11:52:32 ipadevmstr named[9349]: client 192.168.8.111#26141: query: collmedia.net IN SOA - (192.168.8.111)
> Apr 30 11:52:32 ipadevmstr named[9349]: client 192.168.8.111#40423: query: 718499086.sig-ipadevmstr.collmedia.net ANY TKEY -T (192.168.8.111)
> Apr 30 11:52:32 ipadevmstr named[9349]: client 192.168.8.111#37000: updating zone 'collmedia.net/IN': update failed: rejected by secure update (REFUSED)
>
> Any help would be GREATLY appreciated . . .
>
> Thanks a lot,
> Guy
>
> _______________________________________________
> Freeipa-users mailing list
> [email protected]
> https://www.redhat.com/mailman/listinfo/freeipa-users
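A log-triage sketch for the `named` lines quoted in this thread, added here as an example and not part of either message: it groups `rejected by secure update (REFUSED)` entries by client and zone and records whether the same client made a TKEY query earlier in the log. The function name `triage` and the `192.168.8.130` line are constructed for illustration, and `tkey_seen` is only a heuristic: a TKEY query shows the client attempted GSS-TSIG, not that the BIND update policy grants its principal.

```python
import re

# Matches the "client <ip>#<port>: <message>" part of a named syslog line.
CLIENT = re.compile(
    r"named\[\d+\]: client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+: (?P<msg>.*)$"
)
TKEY = re.compile(r"^query: \S+ ANY TKEY\b")
REFUSED = re.compile(
    r"^updating zone '(?P<zone>[^']+)': update failed: "
    r"rejected by secure update \(REFUSED\)"
)

# First six lines are from the quoted message; the last line is constructed.
SAMPLE_LOG = """\
Apr 30 11:52:32 ipadevmstr named[9349]: client 192.168.8.111#26141: query: collmedia.net IN SOA - (192.168.8.111)
Apr 30 11:52:32 ipadevmstr named[9349]: client 192.168.8.111#37600: query: 692300375.sig-ipadevmstr.collmedia.net ANY TKEY -T (192.168.8.111)
Apr 30 11:52:32 ipadevmstr named[9349]: client 192.168.8.111#52609: updating zone 'collmedia.net/IN': update failed: rejected by secure update (REFUSED)
Apr 30 11:52:32 ipadevmstr named[9349]: client 192.168.8.111#26141: query: collmedia.net IN SOA - (192.168.8.111)
Apr 30 11:52:32 ipadevmstr named[9349]: client 192.168.8.111#40423: query: 718499086.sig-ipadevmstr.collmedia.net ANY TKEY -T (192.168.8.111)
Apr 30 11:52:32 ipadevmstr named[9349]: client 192.168.8.111#37000: updating zone 'collmedia.net/IN': update failed: rejected by secure update (REFUSED)
Apr 30 11:53:10 ipadevmstr named[9349]: client 192.168.8.130#40111: updating zone 'collmedia.net/IN': update failed: rejected by secure update (REFUSED)
"""

def triage(log_text):
    """Return {(client_ip, zone): {"refused": n, "tkey_seen": bool}}."""
    tkey_clients = set()   # clients that made a TKEY query so far
    result = {}
    for line in log_text.splitlines():
        m = CLIENT.search(line)
        if not m:
            continue
        ip, msg = m.group("ip"), m.group("msg")
        if TKEY.match(msg):
            tkey_clients.add(ip)
            continue
        r = REFUSED.match(msg)
        if r:
            entry = result.setdefault(
                (ip, r.group("zone")), {"refused": 0, "tkey_seen": False}
            )
            entry["refused"] += 1
            # True once a TKEY query from this client precedes a rejection.
            entry["tkey_seen"] = entry["tkey_seen"] or ip in tkey_clients
    return result

if __name__ == "__main__":
    for (ip, zone), info in triage(SAMPLE_LOG).items():
        print(ip, zone, info)
```

A client with `tkey_seen` true is one to check against the update policy grant and the KDC log; one with it false is worth checking for a missing `kinit` or a missing `-g` on `nsupdate`.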
