Re: [SSSD-users] Dynamic DNS update with AD backend using wrong hostname for nsupdate

2013-10-14 Thread Chris Hartman
Bug report opened for tracking: https://fedorahosted.org/sssd/ticket/2120

Thanks for all your help, gentlemen!


-Chris


On Mon, Oct 14, 2013 at 6:22 PM, Dmitri Pal  wrote:

>  On 10/14/2013 03:33 PM, Chris Hartman wrote:
>
>
> On Mon, Oct 14, 2013 at 1:58 PM, Simo Sorce  wrote:
>
>> If you really want to set the name in /etc/hosts you *really* want to
>> put the FQDN as the first option and the short name second.
>>
>  This is normally my standard practice; I just typed it incorrectly in my
> previous reply. I appreciate you pointing this out, though.
>
>> Probably would be a good RFE to make sure it updates DNS with any and
>> all IP addresses assigned to that interface though, rather than simply
>> the one that's actually connected to LDAP.
>
> I agree, so long as this extends to multiple protocols (v4 and v6) and not
> just multiple addresses. One possible hiccup is IPv6 and privacy extensions
> which can create several addresses per interface. I would like to see an
> enhancement like this in the future, though.
>
>
>
> Please file one.
>
>   -Chris
___
sssd-users mailing list
sssd-users@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users


Re: [SSSD-users] Dynamic DNS update with AD backend using wrong hostname for nsupdate

2013-10-14 Thread Dmitri Pal
On 10/14/2013 03:33 PM, Chris Hartman wrote:
>
> On Mon, Oct 14, 2013 at 1:58 PM, Simo Sorce wrote:
>
> If you really want to set the name in /etc/hosts you *really* want to
> put the FQDN as the first option and the short name second.
>
> This is normally my standard practice; I just typed it incorrectly in
> my previous reply. I appreciate you pointing this out, though.
>
> Probably would be a good RFE to make sure it updates DNS with any and
> all IP addresses assigned to that interface though, rather than simply
> the one that's actually connected to LDAP.
>
> I agree, so long as this extends to multiple protocols (v4 and v6) and
> not just multiple addresses. One possible hiccup is IPv6 and privacy
> extensions which can create several addresses per interface. I would
> like to see an enhancement like this in the future, though.
>


Please file one.

> -Chris
>
>


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.




Re: [SSSD-users] Dynamic DNS update with AD backend using wrong hostname for nsupdate

2013-10-14 Thread Chris Hartman
On Mon, Oct 14, 2013 at 1:58 PM, Simo Sorce  wrote:

> If you really want to set the name in /etc/hosts you *really* want to
> put the FQDN as the first option and the short name second.
>
This is normally my standard practice; I just typed it incorrectly in my
previous reply. I appreciate you pointing this out, though.

> Probably would be a good RFE to make sure it updates DNS with any and
> all IP addresses assigned to that interface though, rather than simply
> the one that's actually connected to LDAP.

I agree, so long as this extends to multiple protocols (v4 and v6) and not
just multiple addresses. One possible hiccup is IPv6 and privacy extensions
which can create several addresses per interface. I would like to see an
enhancement like this in the future, though.

-Chris


Re: [SSSD-users] Dynamic DNS update with AD backend using wrong hostname for nsupdate

2013-10-14 Thread Simo Sorce
On Mon, 2013-10-14 at 12:13 -0400, Chris Hartman wrote:
> Hmm. It appears that setting the hostname to the FQDN using the
> `hostname $FQDN` command solves this problem until a reboot. For a
> permanent solution, I'm adding the FQDN to /etc/hostname and
> ensuring /etc/hosts has '127.0.1.1 $HOST $FQDN'.

This may break some apps that do reverse lookups and use Kerberos.
If you really want to set the name in /etc/hosts you *really* want to
put the FQDN as the first option and the short name second.

Simo.


-- 
Simo Sorce * Red Hat, Inc * New York



Re: [SSSD-users] Dynamic DNS update with AD backend using wrong hostname for nsupdate

2013-10-14 Thread Stephen Gallagher
On 10/14/2013 12:55 PM, Chris Hartman wrote:
> Maybe try to use the dyndns_iface option
> 
> This forced an IPv6 record update :)
> 
> How come this wasn't done automatically, though?
> 
> While entirely possible, it's a bit of a pain to set the interface
> for all hosts, especially because there is no guarantee that it
> will be the same interface for every host. If I could get around
> setting this explicitly, that would be a better option.
> 

It's very difficult to determine exactly which interface is the public
one. When we don't have the dyndns_iface option specified, our default
behavior is to assume that the IP address we are using to connect to
LDAP is the public one.

Probably would be a good RFE to make sure it updates DNS with any and
all IP addresses assigned to that interface though, rather than simply
the one that's actually connected to LDAP.



Re: [SSSD-users] Dynamic DNS update with AD backend using wrong hostname for nsupdate

2013-10-14 Thread Chris Hartman
>
> Maybe try to use the dyndns_iface option

This forced an IPv6 record update :)

How come this wasn't done automatically, though?

While entirely possible, it's a bit of a pain to set the interface for all
hosts, especially because there is no guarantee that it will be the same
interface for every host. If I could get around setting this explicitly,
that would be a better option.

Thanks!


-Chris


On Mon, Oct 14, 2013 at 12:46 PM, Sumit Bose  wrote:

> On Mon, Oct 14, 2013 at 12:13:22PM -0400, Chris Hartman wrote:
> > Hmm. It appears that setting the hostname to the FQDN using the `hostname
> > $FQDN` command solves this problem until a reboot. For a permanent
> > solution, I'm adding the FQDN to /etc/hostname and ensuring /etc/hosts has
> > '127.0.1.1 $HOST $FQDN'.
>
> as an alternative you can try to use the FQDN in the ad_hostname option
> in sssd.conf.
>
> >
> > However, I have a followup question. I notice that SSSD is only updating
> > IPv4 records. How can I ensure IPv6 updates? Thanks!
>
>
> In general it should. Maybe try to use the dyndns_iface option.  Feel
> free to send more detailed logs so that I can have a closer look.
>
> bye,
> Sumit

Re: [SSSD-users] Dynamic DNS update with AD backend using wrong hostname for nsupdate

2013-10-14 Thread Sumit Bose
On Mon, Oct 14, 2013 at 12:13:22PM -0400, Chris Hartman wrote:
> Hmm. It appears that setting the hostname to the FQDN using the `hostname
> $FQDN` command solves this problem until a reboot. For a permanent
> solution, I'm adding the FQDN to /etc/hostname and ensuring /etc/hosts has
> '127.0.1.1 $HOST $FQDN'.

as an alternative you can try to use the FQDN in the ad_hostname option
in sssd.conf.

> 
> However, I have a followup question. I notice that SSSD is only updating
> IPv4 records. How can I ensure IPv6 updates? Thanks!


In general it should. Maybe try to use the dyndns_iface option.  Feel
free to send more detailed logs so that I can have a closer look.

bye,
Sumit



Re: [SSSD-users] Dynamic DNS update with AD backend using wrong hostname for nsupdate

2013-10-14 Thread Chris Hartman
Hmm. It appears that setting the hostname to the FQDN using the `hostname
$FQDN` command solves this problem until a reboot. For a permanent
solution, I'm adding the FQDN to /etc/hostname and ensuring /etc/hosts has
'127.0.1.1 $HOST $FQDN'.

However, I have a followup question. I notice that SSSD is only updating
IPv4 records. How can I ensure IPv6 updates? Thanks!


-Chris


On Mon, Oct 14, 2013 at 11:24 AM, Chris Hartman  wrote:

> Sumit,
>
> Just 'snickers'
>
>
> -Chris


Re: [SSSD-users] Dynamic DNS update with AD backend using wrong hostname for nsupdate

2013-10-14 Thread Chris Hartman
Sumit,

Just 'snickers'


-Chris


On Mon, Oct 14, 2013 at 11:21 AM, Sumit Bose  wrote:

> Does the hostname command on the shell return just snickers or the FQDN?
>
> bye,
> Sumit


Re: [SSSD-users] Dynamic DNS update with AD backend using wrong hostname for nsupdate

2013-10-14 Thread Sumit Bose
On Mon, Oct 14, 2013 at 11:10:47AM -0400, Chris Hartman wrote:
> Hi guys,
> 
> I've noticed that dynamic DNS updates aren't working with my setup. Client
> is Ubuntu 12.04 using SSSD 1.11.1. Server 2008 AD on backend.
> 
> Here's my config:
> [sssd]
> config_file_version = 2
> debug_level = 0
> reconnection_retries = 3
> sbus_timeout = 30
> services = nss, pam
> domains = DOMAIN
> 
> [pam]
> debug_level = 0
> 
> [nss]
> debug_level = 10
> filter_users = root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm
> filter_groups = root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm
> reconnection_retries = 3
> 
> [domain/DOMAIN]
> debug_level = 10
> ad_domain = DOMAIN.local
> id_provider = ad
> auth_provider = ad
> chpass_provider = ad
> access_provider = ad
> enumerate = true
> cache_credentials = true
> # Will check unixHomeDirectory LDAP attribute for a value first
> fallback_homedir = /home/%u
> ldap_user_home_directory = unixHomeDirectory
> dyndns_update = true
> dyndns_update_ptr = true
> dyndns_refresh_interval = 30
> ldap_schema = ad
> ldap_id_mapping = true
> 
> When viewing debug output, I saw this under the domain log:
> (Mon Oct 14 10:33:01 2013) [sssd[be[wysu]]] [be_nsupdate_create_fwd_msg]
> (0x0400):  -- Begin nsupdate message --
> server milkdud.DOMAIN.local
> realm DOMAIN.LOCAL
> update delete snickers. in A
> send
> update delete snickers. in 
> send
> update add snickers. 3600 in A 10.11.12.41
> send
> 
> When I try to perform this update manually using `nsupdate -g` it will fail
> with the following error:
> tkey query failed: GSSAPI error: Major = Unspecified GSS failure.  Minor
> code may provide more information, Minor = Server not found in Kerberos
> database.
> 
> However, if I replace 'snickers.' with the FQDN 'snickers.DOMAIN.local' the
> update will happen fine.
> 
> I'm assuming this is an SSSD configuration error since the FQDN is not
> being used during the update. Any ideas how to solve this?

Does the hostname command on the shell return just snickers or the FQDN?

bye,
Sumit

> 
> Thanks!
> 
> -Chris



[SSSD-users] Dynamic DNS update with AD backend using wrong hostname for nsupdate

2013-10-14 Thread Chris Hartman
Hi guys,

I've noticed that dynamic DNS updates aren't working with my setup. Client
is Ubuntu 12.04 using SSSD 1.11.1. Server 2008 AD on backend.

Here's my config:
[sssd]
config_file_version = 2
debug_level = 0
reconnection_retries = 3
sbus_timeout = 30
services = nss, pam
domains = DOMAIN

[pam]
debug_level = 0

[nss]
debug_level = 10
filter_users = root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm
filter_groups = root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm
reconnection_retries = 3

[domain/DOMAIN]
debug_level = 10
ad_domain = DOMAIN.local
id_provider = ad
auth_provider = ad
chpass_provider = ad
access_provider = ad
enumerate = true
cache_credentials = true
# Will check unixHomeDirectory LDAP attribute for a value first
fallback_homedir = /home/%u
ldap_user_home_directory = unixHomeDirectory
dyndns_update = true
dyndns_update_ptr = true
dyndns_refresh_interval = 30
ldap_schema = ad
ldap_id_mapping = true

When viewing debug output, I saw this under the domain log:
(Mon Oct 14 10:33:01 2013) [sssd[be[wysu]]] [be_nsupdate_create_fwd_msg]
(0x0400):  -- Begin nsupdate message --
server milkdud.DOMAIN.local
realm DOMAIN.LOCAL
update delete snickers. in A
send
update delete snickers. in 
send
update add snickers. 3600 in A 10.11.12.41
send

When I try to perform this update manually using `nsupdate -g` it will fail
with the following error:
tkey query failed: GSSAPI error: Major = Unspecified GSS failure.  Minor
code may provide more information, Minor = Server not found in Kerberos
database.

However, if I replace 'snickers.' with the FQDN 'snickers.DOMAIN.local' the
update will happen fine.

I'm assuming this is an SSSD configuration error since the FQDN is not
being used during the update. Any ideas how to solve this?

Thanks!

-Chris
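
The two checks this thread turns on, as an added shell example (not from SSSD or from any poster): finding single-label names in an nsupdate message like the one logged above, and confirming that a hosts file lists the FQDN before the short name, as Simo Sorce advises in his reply. The function names and the hosts lines are constructed for illustration; the nsupdate lines are an excerpt of the log in this post.

```shell
#!/bin/sh
# Added example: function names are hypothetical, hosts lines are constructed.

# Excerpt of the nsupdate message from the SSSD debug log quoted in the post.
sample_nsupdate_msg() {
cat <<'EOF'
server milkdud.DOMAIN.local
realm DOMAIN.LOCAL
update delete snickers. in A
send
update add snickers. 3600 in A 10.11.12.41
send
EOF
}

# stdin: nsupdate message. Prints each record name (once) that consists of a
# single label followed by the root dot, e.g. "snickers.", which is the form
# that failed with "Server not found in Kerberos database" in this thread.
unqualified_update_names() {
    awk '$1 == "update" && ($2 == "add" || $2 == "delete") {
             name = $3
             sub(/\.$/, "", name)              # drop the trailing root dot
             if (name !~ /\./ && !seen[name]++) print name
         }'
}

# $1: short hostname, stdin: hosts file content.
# Prints the canonical name (first name after the address) of the first line
# that mentions the host, either as the short name or as a qualified name.
hosts_canonical_name() {
    awk -v short="$1" '
        { sub(/#.*/, "") }                     # strip comments
        NF >= 2 {
            for (i = 2; i <= NF; i++) {
                label = $i
                sub(/\..*/, "", label)         # first label of this name
                if (label == short) { print $2; exit }
            }
        }'
}

# $1: short hostname, stdin: hosts file content.
# Returns 0 when the canonical name is fully qualified, 1 when the short
# name comes first or the host has no entry at all.
hosts_fqdn_first() {
    canon=$(hosts_canonical_name "$1")
    case "$canon" in
        *.*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Demo on the samples: the logged message and the ordering from the thread.
echo "single-label names in update: $(sample_nsupdate_msg | unqualified_update_names)"
printf '127.0.1.1 snickers snickers.DOMAIN.local\n' | hosts_fqdn_first snickers \
    || echo "hosts file: short name is listed before the FQDN"
printf '127.0.1.1 snickers.DOMAIN.local snickers\n' | hosts_fqdn_first snickers \
    && echo "hosts file: FQDN is listed first"
```

On a real client the same functions can be fed the nsupdate block copied from the domain log and the contents of /etc/hosts.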