[Freeipa-devel] [PATCH] 050 KDC autodiscovery may fail when domain is not realm

Martin Kosek mkosek at redhat.com
Tue Apr 26 13:28:06 UTC 2011


How to test:

1) Install IPA server with DNS support with --realm=TESTRELM (different
from DOMAIN)
2) Configure client machine to use this DNS server
3) Run "ipa-client-install" on the client machine
- Unpatched installer fails because it cannot find KDC for DNS domain
"testrelm"
- Patched installer turns off KDC DNS autodiscovery and installation
succeeds

If DNS zone "testrelm" with appropriate SRV records is configured,
installer allows KDC DNS autodiscovery.

Hint for new zone configuration:
# ipa dnszone-add TESTRELM --name-server=vm-057.idm.lab.bos.redhat.com. --admin-email=root@testrelm
# ipa dnsrecord-add testrelm _kerberos --txt-rec=TESTRELM
# ipa dnsrecord-add testrelm _kerberos-master._tcp --srv-rec="0 100 88 vm-057"
# ipa dnsrecord-add testrelm _kerberos-master._udp --srv-rec="0 100 88 vm-057"
# ipa dnsrecord-add testrelm _kerberos._udp --srv-rec="0 100 88 vm-057"
# ipa dnsrecord-add testrelm _kerberos._tcp --srv-rec="0 100 88 vm-057"
# ipa dnsrecord-add idm.lab.bos.redhat.com gordo --a-rec=10.16.78.1
# ipa dnsrecord-add testrelm vm-057 --cname-rec="vm-057.idm.lab.bos.redhat.com."
# service named reload

Martin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mkosek-050-kdc-autodiscovery-may-fail-when-domain-is-not-realm.patch
Type: text/x-patch
Size: 6057 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20110426/09d7201d/attachment.bin>
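The decision described in the test steps above, sketched as an added example; this is not the code from the attached patch. The function names and the injected `lookup_srv` callable are hypothetical, the zone data is constructed to mirror the records in the hint, and the admin_server port 749 is an assumption.

```python
# Added illustration, not FreeIPA code: enable KDC DNS autodiscovery only
# when SRV records exist under the DNS name derived from the realm.
KDC_SRV_PREFIXES = ("_kerberos._udp", "_kerberos._tcp")

def find_kdcs(realm, lookup_srv):
    """Query the SRV names a Kerberos client derives from the realm name.

    lookup_srv(name) is a hypothetical resolver hook returning a list of
    (priority, weight, port, target) tuples, empty when nothing is found.
    """
    found = set()
    for prefix in KDC_SRV_PREFIXES:
        for priority, _weight, port, target in lookup_srv(f"{prefix}.{realm.lower()}."):
            found.add((priority, target.rstrip("."), port))
    return sorted(found)

def krb5_conf(realm, domain, server, lookup_srv):
    """Render a client krb5.conf; pin the KDC when autodiscovery cannot work."""
    autodiscover = bool(find_kdcs(realm, lookup_srv))
    lines = ["[libdefaults]",
             f"  default_realm = {realm}",
             f"  dns_lookup_kdc = {'true' if autodiscover else 'false'}",
             "",
             "[realms]",
             f"  {realm} = {{"]
    if not autodiscover:
        # No SRV records under the realm name: name the KDC explicitly.
        lines += [f"    kdc = {server}:88",
                  f"    admin_server = {server}:749"]  # assumed kadmin port
    lines += ["  }",
              "",
              "[domain_realm]",
              f"  .{domain} = {realm}",
              f"  {domain} = {realm}"]
    return "\n".join(lines) + "\n"

def make_lookup(zone_data):
    """Build an offline resolver over constructed zone data."""
    return lambda name: zone_data.get(name, [])

# Constructed sample data: before and after the "testrelm" zone is added.
WITHOUT_REALM_ZONE = {}
WITH_REALM_ZONE = {
    "_kerberos._udp.testrelm.": [(0, 100, 88, "vm-057.testrelm.")],
    "_kerberos._tcp.testrelm.": [(0, 100, 88, "vm-057.testrelm.")],
}

if __name__ == "__main__":
    for zone in (WITHOUT_REALM_ZONE, WITH_REALM_ZONE):
        print(krb5_conf("TESTRELM", "idm.lab.bos.redhat.com",
                        "vm-057.idm.lab.bos.redhat.com", make_lookup(zone)))
```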

