Dynamic DNS updates with sssd

Hi there

We are using sssd for AD integration on our RHEL 7 servers, which works really well.
Now I'm trying to enable dyndns updates so we don't have to request DNS changes manually.
Forward entries are created successfully but reverse entries are not; I think it's because there is no Kerberos ticket.
Is it not possible to disable GSS-TSIG in sssd? I can't find anything in the man pages or documentation.

This is the debug log:

(Mon Feb 23 09:41:51 2015) [sssd[be[fqdn.local]]] [write_pipe_handler] (0x0400): (Mon Feb 23 09:41:51 2015) [sssd[be[fqdn.local]]] [be_nsupdate_args] (0x0200): All data has been sent!
nsupdate auth type: GSS-TSIG
(Mon Feb 23 09:41:51 2015) [sssd[be[fqdn.local]]] [ad_online_cb] (0x0400): The AD provider is online
(Mon Feb 23 09:41:51 2015) [sssd[be[fqdn.local]]] [child_sig_handler] (0x0020): child [27195] failed with status [2].
(Mon Feb 23 09:41:51 2015) [sssd[be[fqdn.local]]] [nsupdate_child_handler] (0x0040): Dynamic DNS child failed with status [512]
(Mon Feb 23 09:41:51 2015) [sssd[be[fqdn.local]]] [be_nsupdate_done] (0x0040): nsupdate child execution failed [1432158228]: Dynamic DNS update failed
(Mon Feb 23 09:41:51 2015) [sssd[be[fqdn.local]]] [sdap_dyndns_update_done] (0x0080): nsupdate failed, retrying with server name
(Mon Feb 23 09:41:51 2015) [sssd[be[fqdn.local]]] [nsupdate_msg_create_common] (0x0200): Creating update message for server [dc1.fqdn.local] and realm [fqdn.local]

Running the nsupdate commands manually works fine if I invoke nsupdate without the -g option.

Any help is appreciated.
Thanks
Sandro

Responses