Project

General

Profile

Actions

Bug #12449

closed

Keytab not configured via dns_tsig_keytab for DNS GSS-TSIG support

Added by Mario Gamboa about 9 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
High
Assignee:
Category:
DNS
Target version:
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

i upgrade foreman from 1.9.3 to 1.10 and now i can't register the record of the new vms into the active directory

on dns_nsupdate_gss.yml

---
#
# Configuration file for 'nsupdate_gss' dns provider with GSS-TSIG support
#

# use this setting if you are managing a dns server which is not localhost though this proxy
:dns_server: 192.168.0.1
# use dns_tsig_* for GSS-TSIG updates using Kerberos.  Required for Windows MS DNS with
# Secure Dynamic Updates, or BIND as used in FreeIPA.  Set dns_provider to nsupdate_gss.
:dns_tsig_keytab: /etc/foreman-proxy/dns.keytab
:dns_tsig_principal: foremanproxy/server01.example.com@EXAMPLE.COM

On dns.yml

---
# DNS management
:enabled: https
# valid providers:
#   dns_dnscmd (Microsoft Windows native implementation)
#   dns_nsupdate
#   dns_nsupdate_gss (for GSS-TSIG support)
#   dns_virsh (simple implementation for libvirt)
:use_provider: dns_nsupdate_gss

The only difference i notice with the new version is now the plug-in is called dns_nsupdate_gss instead as 1.9.3 nsupdate_gss and also all the configuration is manage in a separate file after try to make a new host is complain on the proxy logs with the following error

Keytab not configured via dns_tsig_keytab for DNS GSS-TSIG support

Actions

Also available in: Atom PDF