Bug 1884301
| Summary: | [RFE] dyndns: support asymmetric auth for nsupdate | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Alexey Tikhonov <atikhono> |
| Component: | sssd | Assignee: | Sumit Bose <sbose> |
| Status: | CLOSED ERRATA | QA Contact: | Dan Lavu <dlavu> |
| Severity: | low | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 8.3 | CC: | dlavu, grajaiya, jhrozek, lslebodn, mzidek, pbrezina, sbose, tscherf |
| Target Milestone: | rc | Keywords: | FutureFeature |
| Target Release: | 8.0 | Flags: | pm-rhel: mirror+ |
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | sync-to-jira qetodo | ||
| Fixed In Version: | sssd-2.4.0-1.el8 | Doc Type: | If docs needed, set a value |
| Last Closed: | 2021-05-18 15:03:59 UTC | Type: | Enhancement |
| Bug Depends On: | 1881992 | ||
Description
Alexey Tikhonov
2020-10-01 15:41:06 UTC
Pushed PR: https://github.com/SSSD/sssd/pull/5283

* `master`
  * 0b069085cc6cb472b6c8841a26107ee1d48222ee - Add dyndns_auth_ptr support

Hi,

to verify this feature please see https://github.com/SSSD/sssd/pull/5283#issuecomment-699824497

You can add the policy directly in named.conf for a stand-alone DNS server or use "ipa dnszone-mod 122.168.192.in-addr.arpa --update-policy='grant * tcp-self * PTR;'" for testing this with FreeIPA and the integrated DNS server.

HTH

bye,
Sumit

Verified against sssd-ipa-2.4.0-3.el8.x86_64

sssd.conf

```
#######################
[domain/testrealm.test]
id_provider = ipa
ipa_server = _srv_, master.testrealm.test
ipa_domain = testrealm.test
ipa_hostname = client.testrealm.test
auth_provider = ipa
chpass_provider = ipa
access_provider = ipa
cache_credentials = True
ldap_tls_cacert = /etc/ipa/ca.crt
krb5_store_password_if_offline = True
sudo_provider = ipa
subdomains_provider = ipa
session_provider = ipa
hostid_provider = ipa
dyndns_force_tcp = true
dyndns_update = true
dyndns_update_ptr = true
dyndns_refresh_interval = 5
dyndns_auth_ptr = None
dyndns_server = master.testrealm.test
[sssd]
services = nss, pam, ssh, sudo
domains = testrealm.test
[nss]
homedir_substring = /home
[pam]
[sudo]
[autofs]
[ssh]
[pac]
[ifp]
[secrets]
[session_recording]
[root@client ~]#
```

```
2020-12-22 14:18:54,837 - sssd.testlib.common.qe_class.QeHost.master.ParamikoTransport - INFO - RUN ipa dnszone-mod 110.0.10.in-addr.arpa. --update-policy='grant * tcp-self * PTR;'
2020-12-22 14:18:54,838 - sssd.testlib.common.qe_class.QeHost.master.cmd16 - DEBUG - RUN ipa dnszone-mod 110.0.10.in-addr.arpa. --update-policy='grant * tcp-self * PTR;'
2020-12-22 14:18:55,602 - sssd.testlib.common.qe_class.QeHost.master.cmd16 - DEBUG - Zone name: 110.0.10.in-addr.arpa.
2020-12-22 14:18:55,602 - sssd.testlib.common.qe_class.QeHost.master.cmd16 - DEBUG - Active zone: TRUE
2020-12-22 14:18:55,602 - sssd.testlib.common.qe_class.QeHost.master.cmd16 - DEBUG - Forward policy: none
2020-12-22 14:18:55,602 - sssd.testlib.common.qe_class.QeHost.master.cmd16 - DEBUG - Authoritative nameserver: master.testrealm.test.
2020-12-22 14:18:55,602 - sssd.testlib.common.qe_class.QeHost.master.cmd16 - DEBUG - Administrator e-mail address: hostmaster
2020-12-22 14:18:55,602 - sssd.testlib.common.qe_class.QeHost.master.cmd16 - DEBUG - SOA serial: 1608664735
2020-12-22 14:18:55,603 - sssd.testlib.common.qe_class.QeHost.master.cmd16 - DEBUG - SOA refresh: 3600
2020-12-22 14:18:55,603 - sssd.testlib.common.qe_class.QeHost.master.cmd16 - DEBUG - SOA retry: 900
2020-12-22 14:18:55,603 - sssd.testlib.common.qe_class.QeHost.master.cmd16 - DEBUG - SOA expire: 1209600
2020-12-22 14:18:55,603 - sssd.testlib.common.qe_class.QeHost.master.cmd16 - DEBUG - SOA minimum: 3600
2020-12-22 14:18:55,603 - sssd.testlib.common.qe_class.QeHost.master.cmd16 - DEBUG - BIND update policy: grant * tcp-self * PTR;
2020-12-22 14:18:55,603 - sssd.testlib.common.qe_class.QeHost.master.cmd16 - DEBUG - Dynamic update: TRUE
2020-12-22 14:18:55,603 - sssd.testlib.common.qe_class.QeHost.master.cmd16 - DEBUG - Allow query: any;
2020-12-22 14:18:55,603 - sssd.testlib.common.qe_class.QeHost.master.cmd16 - DEBUG - Allow transfer: none;
2020-12-22 14:18:55,656 - sssd.testlib.common.qe_class.QeHost.master.cmd16 - DEBUG - Exit code: 0
2020-12-22 14:18:56,189 - sssd.testlib.common.qe_class.QeHost.master.ParamikoTransport - INFO - RUN ipa dnsrecord-del testrealm.test client --del-all
2020-12-22 14:18:56,189 - sssd.testlib.common.qe_class.QeHost.master.cmd18 - DEBUG - RUN ipa dnsrecord-del testrealm.test client --del-all
2020-12-22 14:18:57,177 - sssd.testlib.common.qe_class.QeHost.master.cmd18 - DEBUG - -----------------------
2020-12-22 14:18:57,178 - sssd.testlib.common.qe_class.QeHost.master.cmd18 - DEBUG - Deleted record "client"
2020-12-22 14:18:57,178 - sssd.testlib.common.qe_class.QeHost.master.cmd18 - DEBUG - -----------------------
2020-12-22 14:18:57,232 - sssd.testlib.common.qe_class.QeHost.master.cmd18 - DEBUG - Exit code: 0
2020-12-22 14:18:58,261 - sssd.testlib.common.qe_class.QeHost.client.ParamikoTransport - INFO - RUN ['systemctl', 'restart', 'sssd']
2020-12-22 14:18:58,261 - sssd.testlib.common.qe_class.QeHost.client.cmd43 - DEBUG - RUN ['systemctl', 'restart', 'sssd']
2020-12-22 14:18:58,768 - sssd.testlib.common.qe_class.QeHost.client.cmd43 - DEBUG - Exit code: 0
2020-12-22 14:19:18,786 - sssd.testlib.common.qe_class.QeHost.client.ParamikoTransport - INFO - RUN nslookup client.testrealm.test
2020-12-22 14:19:18,786 - sssd.testlib.common.qe_class.QeHost.client.cmd44 - DEBUG - RUN nslookup client.testrealm.test
2020-12-22 14:19:18,846 - sssd.testlib.common.qe_class.QeHost.client.cmd44 - DEBUG - Server: 10.0.109.210
2020-12-22 14:19:18,846 - sssd.testlib.common.qe_class.QeHost.client.cmd44 - DEBUG - Address: 10.0.109.210#53
2020-12-22 14:19:18,847 - sssd.testlib.common.qe_class.QeHost.client.cmd44 - DEBUG -
2020-12-22 14:19:18,847 - sssd.testlib.common.qe_class.QeHost.client.cmd44 - DEBUG - Name: client.testrealm.test
2020-12-22 14:19:18,847 - sssd.testlib.common.qe_class.QeHost.client.cmd44 - DEBUG - Address: 10.0.110.36
2020-12-22 14:19:18,847 - sssd.testlib.common.qe_class.QeHost.client.cmd44 - DEBUG -
2020-12-22 14:19:18,849 - sssd.testlib.common.qe_class.QeHost.client.cmd44 - DEBUG - Exit code: 0
2020-12-22 14:19:18,914 - sssd.testlib.common.qe_class.QeHost.client.ParamikoTransport - INFO - RUN nslookup 10.0.110.36
2020-12-22 14:19:18,914 - sssd.testlib.common.qe_class.QeHost.client.cmd45 - DEBUG - RUN nslookup 10.0.110.36
2020-12-22 14:19:18,969 - sssd.testlib.common.qe_class.QeHost.client.cmd45 - DEBUG - 36.110.0.10.in-addr.arpa name = client.testrealm.test.
2020-12-22 14:19:18,969 - sssd.testlib.common.qe_class.QeHost.client.cmd45 - DEBUG -
2020-12-22 14:19:18,970 - sssd.testlib.common.qe_class.QeHost.client.cmd45 - DEBUG - Exit code: 0
2020-12-22 14:19:18,970 - sssd.testlib.common.qe_class.QeHost.client.cmd45 - DEBUG - Exit code: 0
```

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory (sssd bug fix and enhancement update), and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:1666
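
A simplified model of what the `grant * tcp-self * PTR;` policy used in the verification above authorizes, added here as an illustration and not code from SSSD, BIND or this bug report. It follows BIND's documented tcp-self semantics (an update is accepted only over TCP and only for the reverse name of the connection's source address, with no GSS-TSIG identity involved); the function and constant names are hypothetical, and the sample requests are constructed from the addresses in the test log.

```python
import ipaddress

# Assumption: simplified model of the rule "grant * tcp-self * PTR;" from this
# report. Names below are hypothetical, not part of BIND or SSSD.
ALLOWED_TYPES = {"PTR"}
ZONE = "110.0.10.in-addr.arpa."  # reverse zone from the test log


def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()


def tcp_self_decision(src_ip, transport, update_name, rtype, zone):
    """Return (permitted, reason) for one dynamic update request."""
    if transport.lower() != "tcp":
        return False, "tcp-self only matches updates received over TCP"
    if rtype.upper() not in ALLOWED_TYPES:
        return False, "record type %s is not granted" % rtype
    name, zone = normalize(update_name), normalize(zone)
    if name != zone and not name.endswith("." + zone):
        return False, "name is outside the zone"
    # The only "identity" is the source address mapped into the reverse tree.
    expected = ipaddress.ip_address(src_ip).reverse_pointer
    if name != expected:
        return False, "name is not the reverse of the source address"
    return True, "source address maps to the updated name"


# Constructed sample requests: (source IP, transport, name, record type).
REQUESTS = [
    ("10.0.110.36", "tcp", "36.110.0.10.in-addr.arpa.", "PTR"),  # client's own PTR
    ("10.0.110.36", "tcp", "37.110.0.10.in-addr.arpa.", "PTR"),  # neighbour's PTR
    ("10.0.110.36", "udp", "36.110.0.10.in-addr.arpa.", "PTR"),  # not over TCP
    ("10.0.110.36", "tcp", "36.110.0.10.in-addr.arpa.", "TXT"),  # type not granted
]

if __name__ == "__main__":
    for req in REQUESTS:
        print(req, "->", tcp_self_decision(*req, ZONE))
```

Only the first request is permitted, which is why the SSSD configuration in the verification sets `dyndns_force_tcp = true`: the policy never matches an update sent over UDP.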