[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

DDNS TSIG authentiction of Win2K

Hello everyone,

I would like to implement DDNS resolver supporting TSIG,
which can communicate with DDNS server on MS-Win2K.
As you know, MS-Win2K DDNS server requires TSIG authentication to operate DDNS UPDATE.
And TSIG authentication uses GSS-API(Kerberos5).

TSIG authentication seems to be requiring initial credentials of host as "COMPTER" on Win2K's AD(Active Directory),
not "USER" of that.

I tried registering my client host as USER(not COMPTER) on AD and did TSIG authentication using Heimdal.
However I cannot operate DDNS UPDATE successfully.
GSS_init_sec_context() returns SUCCESS,but Win2K's DDNS server did not respond TKEY query.
I could not know what's going on server?

I guess my host should be registered as COMPUTER on AD.
Acceding to analyze of TSIG protocol between Win2K client and server,
Win2K client get initial credential of host as COMPUTER.

However, I don't know how register my host on AD as COMPTER with password.
It seems to be no password entry for COMPUTER registration of AD.

Does anyone have useful information on this issue?
Any advice are wellcome. I need a lot of information on this.

Thank you in advance,

//Takanori Masui