Bug #20332
open
dns_nsupdate_gss documentation for AD integrations is misleading
Description
In https://www.theforeman.org/manuals/1.15/index.html#4.3.5DNS when reading about the dns_nsupdate_gss documentation for AD integrations after giving examples of creating the keytab and testing it, the next example of the /etc/foreman-proxy/settings.d/dns_nsupdate_gss.yml file show ":dns_tsig_principal: foremanproxy/proxy.example.com@EXAMPLE.COM" however when I used this example I was seeing "Failed to initialise credential cache from keytab: krb5_get_init_creds_keytab: Key table entry not found" in the proxy.log file with the proxy set to debug level logs.
The fix is to change the dns_tsig option to ":dns_tsig_principal: foremanproxy@EXAMPLE.COM" for AD integration. There should probably 2 sections of examples for AD versus FreeIPA, as while they are very similar, they are not always the same.
Updated by Marek Hulán over 6 years ago
Thanks for the report, would you mind sending PR with the change against our documentation repository? The file that would need to be changed lives at https://github.com/theforeman/theforeman.org/blob/gh-pages/_includes/manuals/1.16-develop/4.3.5.3_gsstsig.md