[Freeipa-devel] [PATCH] 050 KDC autodiscovery may fail when domain is not realm

Martin Kosek mkosek at redhat.com
Tue May 17 06:58:30 UTC 2011


On Mon, 2011-05-16 at 23:01 -0400, Rob Crittenden wrote:
> Martin Kosek wrote:
> > How to test:
> >
> > 1) Install IPA server with DNS support with --realm=TESTRELM (different
> > from DOMAIN)
> > 2) Configure client machine to use this DNS server
> > 3) Run "ipa-client-install" on the client machine
> > - Unpatched installer fails because it cannot find KDC for DNS domain
> > "testrelm"
> > - Patched installer turns off KDC DNS autodiscovery and installation
> > succeeds
> >
> > If DNS zone "testrelm" with appropriate SRV records is configured,
> > installer allows KDC DNS autodiscovery.
> >
> > Hint for new zone configuration:
> > # ipa dnszone-add TESTRELM --name-server=vm-057.idm.lab.bos.redhat.com. --admin-email=root@testrelm
> > # ipa dnsrecord-add testrelm _kerberos --txt-rec=TESTRELM
> > # ipa dnsrecord-add testrelm _kerberos-master._tcp --srv-rec="0 100 88 vm-057"
> > # ipa dnsrecord-add testrelm _kerberos-master._udp --srv-rec="0 100 88 vm-057"
> > # ipa dnsrecord-add testrelm _kerberos._udp --srv-rec="0 100 88 vm-057"
> > # ipa dnsrecord-add testrelm _kerberos._tcp --srv-rec="0 100 88 vm-057"
> > # ipa dnsrecord-add idm.lab.bos.redhat.com gordo --a-rec=10.16.78.1
> > # ipa dnsrecord-add testrelm vm-057 --cname-rec="vm-057.idm.lab.bos.redhat.com."
> > # service named reload
> >
> > Martin
> 
> ack, works great.
> 
> rob

Pushed to master, ipa-2-0.

Martin
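
The behaviour described in the test steps above, as an added Python sketch that is not part of the original message and is not FreeIPA's ipa-client-install code: DNS KDC autodiscovery is kept only when SRV records exist under the realm's name, otherwise the known server is pinned. The `lookup_srv` resolver hook, the function names and the sample records are assumptions made for illustration.

```python
# Added illustration; not code from FreeIPA's ipa-client-install.
KDC_SRV_LABELS = ("_kerberos._udp", "_kerberos._tcp")


def kdc_srv_targets(realm, lookup_srv):
    """Return sorted (priority, host, port) KDC entries found under the realm's DNS name.

    lookup_srv(name) is a hypothetical resolver hook returning a list of
    (priority, weight, port, target) tuples, or [] when the name does not exist.
    """
    zone = realm.lower().rstrip(".")
    found = set()
    for label in KDC_SRV_LABELS:
        for priority, _weight, port, target in lookup_srv(f"{label}.{zone}"):
            found.add((priority, target.rstrip(".").lower(), port))
    return sorted(found)


def render_krb5_conf(realm, server, lookup_srv):
    """Enable dns_lookup_kdc only if the realm has SRV records; else pin the KDC."""
    discovered = kdc_srv_targets(realm, lookup_srv)
    lines = [
        "[libdefaults]",
        f"  default_realm = {realm}",
        f"  dns_lookup_kdc = {'true' if discovered else 'false'}",
    ]
    if not discovered:
        # No SRV records under the realm name: point clients at the known server.
        lines += ["", "[realms]", f"  {realm} = {{", f"    kdc = {server}:88", "  }"]
    return "\n".join(lines) + "\n"


# Constructed sample data modelled on the zone hint in the message above.
SERVER = "vm-057.idm.lab.bos.redhat.com"
ZONE_WITH_SRV = {
    "_kerberos._udp.testrelm": [(0, 100, 88, "vm-057.testrelm.")],
    "_kerberos._tcp.testrelm": [(0, 100, 88, "vm-057.testrelm.")],
}

def no_zone(name):      # resolver for a DNS server without a "testrelm" zone
    return []

def with_zone(name):    # resolver after the "testrelm" zone has been added
    return ZONE_WITH_SRV.get(name, [])

if __name__ == "__main__":
    print(render_krb5_conf("TESTRELM", SERVER, no_zone))
    print(render_krb5_conf("TESTRELM", SERVER, with_zone))
```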
