Hello. How can I update clients' DNS records automatically, without setting up a DHCP server?
Dmitry Krasov via FreeIPA-users wrote:
> Hello. How can I update clients' DNS records automatically, without setting up a DHCP server?
That question doesn't have a lot to go on but I guess I'd recommend starting with the ipa-client-install(1) man page and the --enable-dns-updates option. This enables dyndns_update in sssd.conf. See sssd-ipa(5) for details.
rob
All hosts are already enrolled with the --enable-dns-updates option, but it still doesn't work.
Hi,
The DNS zone must also be configured to allow dynamic DNS updates. Please check "Configuring the DNS Zone to Allow Dynamic Updates": https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/linux_domain_identity_authentication_and_policy_guide/index#dns-dynamic-updates-zone
flo
On Tue, May 21, 2024 at 6:48 AM Dmitry Krasov via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote:
> All hosts are already enrolled with the --enable-dns-updates option, but it still doesn't work.
Hi Florence. As far as I understand, it's all because the keytab file becomes bad after some time.
1. Why is that?
2. I know how to fix the file manually, but how can I check in a script "if the file has become bad"?
Dmitry Krasov via FreeIPA-users wrote:
> Hi Florence. As far as I understand, it's all because the keytab file becomes bad after some time.
> - Why is that?
> - I know how to fix the file manually, but how can I check in a script "if the file has become bad"?
What makes you think the keytab is bad?
A simple way to validate a keytab is to compare the version number to the one the KDC has.
$ kinit admin
$ kvno host/<client host name>
# klist -kt /etc/krb5.keytab
Compare the version numbers. It's ok for the keytab to have multiple versions but one has to match what the KDC version number is.
rob
On Wed, 22 May 2024, Rob Crittenden via FreeIPA-users wrote:
> Dmitry Krasov via FreeIPA-users wrote:
>> Hi Florence. As far as I understand, it's all because the keytab file becomes bad after some time.
>> - Why is that?
>> - I know how to fix the file manually, but how can I check in a script "if the file has become bad"?
> What makes you think the keytab is bad?
> A simple way to validate a keytab is to compare the version number to the one the KDC has.
> $ kinit admin
> $ kvno host/<client host name>
> # klist -kt /etc/krb5.keytab
> Compare the version numbers. It's ok for the keytab to have multiple versions but one has to match what the KDC version number is.
It would also help to see SSSD logs that show how nsupdate runs and what fails there. Or why is it not running. SSSD will tell some details in the logs if you enable debug level 9.
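
The KVNO comparison described in the thread, written as a script check. This is an added example, not part of the original messages or of FreeIPA's tooling. It assumes the MIT Kerberos output formats of kvno and klist -kt; the --live flag, the function names and the sample host are made up for illustration.

```shell
#!/bin/sh
# Added example: keytab freshness check by KVNO, as described in the thread.
# Assumes MIT Kerberos output formats for `kvno` and `klist -kt`.

# stdin: `kvno` output ("princ@REALM: kvno = N") -> "princ@REALM N"
parse_kvno() {
    sed -n 's/^\(.*\): kvno = \([0-9][0-9]*\)$/\1 \2/p' | head -n 1
}

# stdin: `klist -kt` output; $1: full principal -> its KVNOs, one per line
keytab_kvnos() {
    awk -v p="$1" '$1 ~ /^[0-9]+$/ {
        for (i = 2; i <= NF; i++) if ($i == p) { print $1; break }
    }' | sort -un
}

# $1: kvno output, $2: klist -kt output. Returns 0 = match, 1 = stale, 2 = unparsable.
compare_keytab() {
    kdc=$(printf '%s\n' "$1" | parse_kvno)
    [ -n "$kdc" ] || { echo "UNKNOWN: cannot parse kvno output"; return 2; }
    princ=${kdc% *}; want=${kdc##* }
    have=$(printf '%s\n' "$2" | keytab_kvnos "$princ")
    if printf '%s\n' "$have" | grep -qx -- "$want"; then
        echo "OK: keytab holds kvno $want for $princ"
    else
        echo "STALE: KDC has kvno $want for $princ, keytab has: $(echo ${have:-none})"
        return 1
    fi
}

# Live check: needs a valid ticket (e.g. after kinit) and read access to the keytab.
check_host_keytab() {
    kt=${1:-/etc/krb5.keytab}
    compare_keytab "$(kvno "host/$(hostname -f)")" "$(klist -kt "$kt")"
}

# Constructed sample data (not from a real host), used when run without --live.
SAMPLE_KVNO='host/client1.example.test@EXAMPLE.TEST: kvno = 3'
SAMPLE_KLIST='Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp           Principal
---- ------------------- --------------------------------------
   2 05/01/2024 10:00:00 host/client1.example.test@EXAMPLE.TEST
   3 05/20/2024 09:30:00 host/client1.example.test@EXAMPLE.TEST'

if [ "${1:-}" = "--live" ]; then
    check_host_keytab "${2:-}"
else
    compare_keytab "$SAMPLE_KVNO" "$SAMPLE_KLIST"
fi
```

Run with --live as root on an enrolled client; exit status 1 means no keytab entry matches the KDC's current key version, and 2 means kvno returned nothing usable (for example, no valid ticket).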