Client Fail to update DDNS using gss-tsig


Hi Teams,

 

I'm doing some lab work on DDNS. The scenario is that a client (already joined to the domain corp.abc.net) updates its IP to Infoblox, which is running DNS.

Here is what I've done:

1. Created a user on the domain controller (ib, password P@ssw0rd)

2. Created a keytab file on the domain controller (ktpass -princ DNS/ib.abc.net@CORP.ABC.NET -mapuser ib@corp.abc.net -pass P@ssw0rd -out c:\ns1.keytab -ptype krb5_nt_principal -crypto AES256-SHA1)

3. Already imported the keytab to Infoblox.

4. Executed the command ipconfig /registerdns from the PC client

After the above activity, I checked the logs on Infoblox:

2020-04-26 21:56:01 ICT daemon ERROR named[13999] gss_accept_sec_context: continuation call to routine required
2020-04-26 21:56:01 ICT daemon INFO named[13999] GSS-TSIG verify stats: 0 ok, 0 failed (0 integrity, 0 time)
2020-04-26 21:56:01 ICT daemon INFO named[13999] GSS-TSIG accept stats: 0 ok, 1 failed (0 NTLM, 1 principal, 0 key, 0 integrity, 0 time)
2020-04-26 21:56:01 ICT daemon ERROR named[13999] 192.168.137.20#59616: GSS-TSIG authentication failed for (DNS/ib.corp.abc.net@CORP.ABC.NET, kvno 4, arcfour-hmac-md5): unknown principal
2020-04-26 21:56:01 ICT daemon ERROR named[13999] client @0x7fd5840f9000 192.168.137.20#57468: update 'corp.abc.net/IN' denied

 

Any step that I missed?

Thanks


Re: Client Fail to update DDNS using gss-tsig


This issue happened because the DC administrator created a wrong keytab file. It was not mapped to the correct user that had already been created.

 

Thanks
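A troubleshooting aid for the thread above, added here and not written by the poster or by Infoblox: it parses the `named` GSS-TSIG failure line and the `ktpass` command from the question and lists where the ticket the client presented differs from what the keytab was generated with. The log line and command are copied from the thread; the function names are hypothetical.

```python
import re
import shlex

# ktpass -crypto values and the Kerberos enctype names that show up in named logs
KTPASS_ENCTYPES = {
    "RC4-HMAC-NT": "arcfour-hmac-md5",
    "AES128-SHA1": "aes128-cts-hmac-sha1-96",
    "AES256-SHA1": "aes256-cts-hmac-sha1-96",
}

FAIL_RE = re.compile(
    r"GSS-TSIG authentication failed for \((?P<principal>[^,]+), "
    r"kvno (?P<kvno>\d+), (?P<enctype>[^)]+)\): (?P<reason>.+)$"
)

# Inputs copied from the thread
LOG_LINE = ("2020-04-26 21:56:01 ICT daemon ERROR named[13999] 192.168.137.20#59616: "
            "GSS-TSIG authentication failed for (DNS/ib.corp.abc.net@CORP.ABC.NET, "
            "kvno 4, arcfour-hmac-md5): unknown principal")
KTPASS_CMD = (r"ktpass -princ DNS/ib.abc.net@CORP.ABC.NET -mapuser ib@corp.abc.net "
              r"-pass P@ssw0rd -out c:\ns1.keytab -ptype krb5_nt_principal -crypto AES256-SHA1")

def parse_failure(line):
    """Return principal, kvno, enctype and reason from a failure line, or None."""
    m = FAIL_RE.search(line)
    if not m:
        return None
    fields = m.groupdict()
    fields["kvno"] = int(fields["kvno"])
    return fields

def parse_ktpass(cmd):
    """Return the ktpass options as {flag_without_dash: value}."""
    tokens = shlex.split(cmd, posix=False)  # posix=False keeps the Windows backslashes
    return {flag.lstrip("-").lower(): value
            for flag, value in zip(tokens[1:], tokens[2:]) if flag.startswith("-")}

def compare(failure, keytab):
    """List (field, presented_by_client, generated_in_keytab) for every mismatch."""
    findings = []
    if failure["principal"] != keytab["princ"]:
        findings.append(("principal", failure["principal"], keytab["princ"]))
    keytab_enctype = KTPASS_ENCTYPES.get(keytab.get("crypto", "").upper())
    if keytab_enctype and keytab_enctype != failure["enctype"]:
        findings.append(("enctype", failure["enctype"], keytab_enctype))
    if "kvno" in keytab and int(keytab["kvno"]) != failure["kvno"]:
        findings.append(("kvno", failure["kvno"], int(keytab["kvno"])))
    return findings

if __name__ == "__main__":
    for field, presented, generated in compare(parse_failure(LOG_LINE), parse_ktpass(KTPASS_CMD)):
        print(f"{field}: client presented {presented!r}, keytab generated with {generated!r}")
```

The user mapping that the answer identifies as the cause lives in Active Directory and is not visible in either input, so it is not checked here.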
