Hi guys,

I've noticed that dynamic DNS updates aren't working with my setup. Client is Ubuntu 12.04 using SSSD 1.11.1. Server 2008 AD on backend.

Here's my config:
[sssd]
config_file_version = 2
debug_level = 0
reconnection_retries = 3
sbus_timeout = 30
services = nss, pam
domains = DOMAIN
 
[pam]
debug_level = 0

[nss]
debug_level = 10
filter_users = root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm
filter_groups = root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm
reconnection_retries = 3

[domain/DOMAIN]
debug_level = 10
ad_domain = DOMAIN.local
id_provider = ad
auth_provider = ad
chpass_provider = ad
access_provider = ad
enumerate = true
cache_credentials = true
# Will check unixHomeDirectory LDAP attribute for a value first
fallback_homedir = /home/%u
ldap_user_home_directory = unixHomeDirectory
dyndns_update = true
dyndns_update_ptr = true
dyndns_refresh_interval = 30
ldap_schema = ad
ldap_id_mapping = true

When viewing debug output, I saw this under the domain log:
(Mon Oct 14 10:33:01 2013) [sssd[be[wysu]]] [be_nsupdate_create_fwd_msg] (0x0400):  -- Begin nsupdate message -- 
server milkdud.DOMAIN.local
realm DOMAIN.LOCAL
update delete snickers. in A
send
update delete snickers. in AAAA
send
update add snickers. 3600 in A 10.11.12.41
send

When I try to perform this update manually using `nsupdate -g` it will fail with the following error:
tkey query failed: GSSAPI error: Major = Unspecified GSS failure.  Minor code may provide more information, Minor = Server not found in Kerberos database.

However, if I replace 'snickers.' with the FQDN 'snickers.DOMAIN.local' the update will happen fine.

I'm assuming this is an SSSD configuration error since the FQDN is not being used during the update. Any ideas how to solve this?

Thanks!

-Chris
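
The short-name versus FQDN difference described in the message above, as an added example that is not part of the original post: a Python script that parses an nsupdate message copied from the SSSD domain log and flags owner names that lack the domain suffix. The function names are hypothetical, and the script assumes the DNS domain is the Kerberos realm in lowercase unless a domain is passed in.

```python
# Message copied from the debug output in the post above.
SAMPLE_MESSAGE = """\
server milkdud.DOMAIN.local
realm DOMAIN.LOCAL
update delete snickers. in A
send
update delete snickers. in AAAA
send
update add snickers. 3600 in A 10.11.12.41
send
"""


def parse_nsupdate(message):
    """Return (realm, updates); updates are (line_no, action, owner_name) tuples."""
    realm, updates = None, []
    for line_no, raw in enumerate(message.splitlines(), start=1):
        fields = raw.split()
        if len(fields) >= 2 and fields[0].lower() == "realm":
            realm = fields[1]
        elif len(fields) >= 3 and fields[0].lower() == "update":
            updates.append((line_no, fields[1].lower(), fields[2]))
    return realm, updates


def unqualified_updates(message, domain=None):
    """List updates whose owner name is not a host inside the DNS domain.

    Assumption: when no domain is given, the DNS domain equals the Kerberos
    realm lowercased, as in the post (ad_domain DOMAIN.local, realm DOMAIN.LOCAL).
    """
    realm, updates = parse_nsupdate(message)
    domain = (domain or realm or "").rstrip(".").lower()
    if not domain:
        raise ValueError("no realm line in message and no domain supplied")
    suffix = "." + domain
    flagged = []
    for line_no, action, name in updates:
        host = name.rstrip(".").lower()
        # A usable owner name is at least one label followed by the domain.
        if not (host.endswith(suffix) and len(host) > len(suffix)):
            flagged.append((line_no, action, name))
    return flagged


if __name__ == "__main__":
    for line_no, action, name in unqualified_updates(SAMPLE_MESSAGE):
        print(f"line {line_no}: update {action} uses unqualified name {name!r}")
```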