AD Integration - Dynamic DNS Problems

Techie
Posts: 1

Hi all,

I'm trying to integrate my AD environment with the Infoblox DNS. I would like to let my AD clients dynamically update the DNS name on the NIOS appliance.

Right now the NIOS appliances are not managing the DHCP, so I want to do GSS-TSIG updates from clients to Infoblox DNS servers.

The NIOS version is: 6.7.1-204398. I already have my DNS zone (authoritative) with AD integration (svc entries & co.) and all works just fine. I tried to follow the admin guide ("Accepting GSS-TSIG-Authenticated Updates", page 642); the config seems OK but I'm not able to receive authenticated updates.

When I try to update the DNS record from an XP machine, I obtain this error message:

err client 192.168.XX.XX#1103: view 1: update 'unitn.it/IN' denied
2013-07-19T09:50:01+02:00 daemon (none) named[26063]: err 192.168.XX.XX#1104: GSS-TSIG authentication failed for (DNS/xxx.unitn.it@UNITN.IT, kvno 2, des-cbc-md5): key not found
2013-07-19T09:50:01+02:00 daemon (none) named[26063]: err gss_accept_sec_context: continuation call to routine required
 
When I try to do the same from a Win7 machine, I'm getting only the first error message (update denied).

Any hint on how to solve this?
My domain is a 2003 R2 domain, so I also followed this KB:
15331 Using GSS-TSIG for a Windows 7 or Windows Server 2008 R2 in a Windows Server 2003 AD Server environment
 
Thank you!
marco
 
Re: AD Integration - Dynamic

Techie
Posts: 4

Bump.

I am going to try this, but before I do I would like to know if this is an issue.

Re: AD Integration - Dynamic

Guru
Posts: 60

Hi Marco,

If you have not found a resolution to this problem, you should contact Infoblox support at https://support.infoblox.com/. 

Thanks,

 

Christine

Re: AD Integration - Dynamic

Expert
Posts: 181

http://www.accumuli.com/infoblox-and-gss-tsig-i-3187.php

 

The info on that web page helped me greatly in getting GSS-TSIG working in my environment. It was a much better explanation, with real-world examples, than the admin guide.

Re: AD Integration - Dynamic

Adviser
Posts: 101

When you create the keytab file on Windows (as in Admin Guide page 648), try the following for crypto:

-crypto All

or

-crypto RC4-HMAC-NT

(both will work for W2k8 R2 Server & W7k PCs)

Please delete your current AD GSS-TSIG user and create a new one before you create the keytab.

//Stefan
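
Added example (not part of any post in this thread, and not Infoblox code): a Python triage helper that parses the `named` failure line quoted in the question and compares its principal, kvno and encryption type with the entries of a keytab. The keytab tuples and the alias table are constructed for illustration, and reading "key not found" as "no keytab entry for that principal/kvno/enctype triple" is an assumption.

```python
import re
from typing import NamedTuple

# The two named[] lines quoted in the question, client address masked as posted.
SAMPLE_LOG = """\
2013-07-19T09:50:01+02:00 daemon (none) named[26063]: err 192.168.XX.XX#1104: GSS-TSIG authentication failed for (DNS/xxx.unitn.it@UNITN.IT, kvno 2, des-cbc-md5): key not found
2013-07-19T09:50:01+02:00 daemon (none) named[26063]: err gss_accept_sec_context: continuation call to routine required
"""

FAIL_RE = re.compile(
    r"err (?P<client>\S+)#\d+: GSS-TSIG authentication failed for "
    r"\((?P<principal>[^,]+), kvno (?P<kvno>\d+), (?P<enctype>[^)]+)\): (?P<reason>.+)$")

# Different spellings of one encryption type (keytab tool option vs. Kerberos log name).
ALIASES = {"rc4-hmac-nt": "rc4-hmac", "arcfour-hmac": "rc4-hmac"}

class Failure(NamedTuple):
    client: str
    principal: str
    kvno: int
    enctype: str
    reason: str

def norm(enctype):
    name = enctype.strip().lower()
    return ALIASES.get(name, name)

def parse_failures(log):
    """Return one Failure per GSS-TSIG authentication failure line."""
    found = []
    for line in log.splitlines():
        m = FAIL_RE.search(line)
        if m:
            found.append(Failure(m["client"], m["principal"].strip(),
                                 int(m["kvno"]), norm(m["enctype"]), m["reason"]))
    return found

def diagnose(failure, keytab):
    """keytab: (principal, kvno, enctype) tuples listed from the keytab (constructed here)."""
    keys = [(k, norm(e)) for p, k, e in keytab if p == failure.principal]
    if not keys:
        return "principal missing"
    if failure.kvno not in {k for k, _ in keys}:
        return "kvno mismatch"
    if (failure.kvno, failure.enctype) not in keys:
        return "enctype missing"
    return "key present"

if __name__ == "__main__":
    keytab = [("DNS/xxx.unitn.it@UNITN.IT", 2, "RC4-HMAC-NT")]  # constructed entry
    for f in parse_failures(SAMPLE_LOG):
        print(f.principal, f.kvno, f.enctype, "->", diagnose(f, keytab))
```

A result of "kvno mismatch" or "enctype missing" means the keytab on the appliance does not hold the key the client's ticket was issued for, which is the situation the keytab regeneration advice in the reply above addresses.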
