[Freeipa-devel] [PATCH] 050 KDC autodiscovery may fail when domain is not realm

Rob Crittenden rcritten at redhat.com
Tue May 17 03:01:19 UTC 2011


Martin Kosek wrote:
> How to test:
>
> 1) Install IPA server with DNS support with --realm=TESTRELM (different
> from DOMAIN)
> 2) Configure client machine to use this DNS server
> 3) Run "ipa-client-install" on the client machine
> - Unpatched installer fails because it cannot find KDC for DNS domain
> "testrelm"
> - Patched installer turns off KDC DNS autodiscovery and installation
> succeeds
>
> If DNS zone "testrelm" with appropriate SRV records is configured,
> installer allows KDC DNS autodiscovery.
>
> Hint for new zone configuration:
> # ipa dnszone-add TESTRELM --name-server=vm-057.idm.lab.bos.redhat.com. --admin-email=root at testrelm
> # ipa dnsrecord-add testrelm _kerberos --txt-rec=TESTRELM
> # ipa dnsrecord-add testrelm _kerberos-master._tcp --srv-rec="0 100 88 vm-057"
> # ipa dnsrecord-add testrelm _kerberos-master._udp --srv-rec="0 100 88 vm-057"
> # ipa dnsrecord-add testrelm _kerberos._udp --srv-rec="0 100 88 vm-057"
> # ipa dnsrecord-add testrelm _kerberos._tcp --srv-rec="0 100 88 vm-057"
> # ipa dnsrecord-add idm.lab.bos.redhat.com gordo --a-rec=10.16.78.1
> # ipa dnsrecord-add testrelm vm-057 --cname-rec="vm-057.idm.lab.bos.redhat.com."
> # service named reload
>
> Martin

ack, works great.

rob
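As an added example (not part of this thread and not FreeIPA's own installer code), the script below emulates the decision the patched client installer makes: look for the Kerberos TXT and SRV records under the realm's lowercased DNS name, and only leave krb5 DNS lookups enabled when they all resolve. The zone data is constructed to mirror Martin's hint (realm TESTRELM, KDC host vm-057); the resolver is injected so it runs offline and can be swapped for a live lookup.

```python
"""Emulate the installer's KDC DNS autodiscovery check (constructed example)."""
from typing import Callable, Dict, List, Tuple

# SRV owners the realm zone must carry for autodiscovery to work.
SRV_NAMES = ("_kerberos._udp", "_kerberos._tcp",
             "_kerberos-master._udp", "_kerberos-master._tcp")

# Constructed zone data keyed by (lowercase owner name, rrtype); this is
# the zone the "Hint for new zone configuration" above would create.
ZONE: Dict[Tuple[str, str], List[str]] = {
    ("_kerberos.testrelm", "TXT"): ["TESTRELM"],
    ("_kerberos._udp.testrelm", "SRV"): ["0 100 88 vm-057"],
    ("_kerberos._tcp.testrelm", "SRV"): ["0 100 88 vm-057"],
    ("_kerberos-master._udp.testrelm", "SRV"): ["0 100 88 vm-057"],
    ("_kerberos-master._tcp.testrelm", "SRV"): ["0 100 88 vm-057"],
}

Resolver = Callable[[str, str], List[str]]

def lookup(name: str, rrtype: str) -> List[str]:
    """Offline stand-in for a DNS query against the constructed zone."""
    return ZONE.get((name.lower(), rrtype), [])

def autodiscovery_usable(realm: str, resolve: Resolver = lookup) -> Tuple[bool, List[str]]:
    """Return (usable, problems). The realm is lowercased to form the DNS
    zone to query, which is exactly what breaks when realm != domain."""
    zone = realm.lower()
    problems: List[str] = []
    if realm not in resolve(f"_kerberos.{zone}", "TXT"):
        problems.append(f"_kerberos.{zone} TXT does not announce realm {realm}")
    for svc in SRV_NAMES:
        if not resolve(f"{svc}.{zone}", "SRV"):
            problems.append(f"missing SRV record {svc}.{zone}")
    return (not problems, problems)

def krb5_conf(realm: str, kdc: str, resolve: Resolver = lookup) -> str:
    """krb5.conf fragment for the client: DNS lookups stay on only when the
    realm zone passes the check; otherwise the KDC is pinned explicitly."""
    usable, _ = autodiscovery_usable(realm, resolve)
    flag = "true" if usable else "false"
    conf = (f"[libdefaults]\n  default_realm = {realm}\n"
            f"  dns_lookup_realm = {flag}\n  dns_lookup_kdc = {flag}\n")
    if not usable:
        conf += (f"\n[realms]\n  {realm} = {{\n    kdc = {kdc}:88\n"
                 f"    admin_server = {kdc}:749\n  }}\n")
    return conf

if __name__ == "__main__":
    print(krb5_conf("TESTRELM", "vm-057.idm.lab.bos.redhat.com"))
    print(krb5_conf("TESTRELM", "vm-057.idm.lab.bos.redhat.com", lambda n, t: []))
```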