Second try:
>
Is there a bug in the implementation of the update-policy or do I not have a
grasp on how it should work?
If wanted to only allow machines in an Active Directory the ability to update
their 'A' records shouldn't I be able to use a statement like this:
update-policy {
Is there a bug in the implementation of the update-policy or do I not have a
grasp on how it should work?
If wanted to only allow machines in an Active Directory the ability to update
their 'A' records shouldn't I be able to use a statement like this:
update-policy {
gra
YES Brilliant Thanks Rob.
I think it is working now. I have the update-policy setup as follows:
grant d...@realm wildcard * ANY;
grant d...@realm wildcard * ANY;
grant dns_serv...@realm wildcard * ANY;
deny REALM ms-self * SR
If you're trying to grant update rights to a specific machine (rather
than every machine in the realm), something like:
grant d...@realm. subdomain dnsname.;
might work better, where "d...@realm" is (eg) the Kerberos principle
corresponding to your DC and "dnsname" is the tree to which you want
Updating to 9.7.2-P2 seems to be working. Of course it is not working exactly
like we think it should. When we have a things set like this:
deny ms-self * SRV ;
grant ms-self * ANY;
Nothing will update. When we set it like this:
deny ms-self * SRV;
grant ms-self * ANY;
Things seem to w
Thanks, I'll give it a try and see if things begin to work.
_
Nicholas Miller, ITS, University of Colorado at Boulder
On Sep 30, 2010, at 10:15 AM, Tony Finch wrote:
> On Thu, 30 Sep 2010, Nicholas F Miller wrote:
>
>> Does anyone actual
Yea, it seems that people got it working when the functionality came out but
subsequently I haven't seen it working for anyone in a production environment.
_
Nicholas Miller, ITS, University of Colorado at Boulder
On Sep 30, 2010, at 3:24
On 2010-09-30, at 11:24 AM, Nicholas F Miller wrote:
> Does anyone actually have GSS-TSIG working with an Active Directory? I see
> plenty of posts from people trying to get it to work. I have yet to see
> anyone who claims to actually have it working. Did MS change something in
> 2008r2 since
On Thu, 30 Sep 2010, Nicholas F Miller wrote:
> Does anyone actually have GSS-TSIG working with an Active Directory?
There are some GSS-TSIG interop fixes in 9.7.2.
Tony.
--
f.anthony.n.finchhttp://dotat.at/
HUMBER THAMES DOVER WIGHT PORTLAND: NORTH BACKING WEST OR NORTHWEST, 5 TO 7,
DECREA
9 matches
Mail list logo
