[Freeipa-users] New FreeIPA Install; Testing for Proof of Concept

KodaK sakodak at gmail.com
Wed Aug 8 19:33:01 UTC 2012


On Wed, Aug 8, 2012 at 2:16 PM, Rob Ogilvie <rob at axpr.net> wrote:
> On Wed, Aug 8, 2012 at 11:52 AM, Simo Sorce <simo at redhat.com> wrote:
>> On Wed, 2012-08-08 at 11:23 -0700, Rob Ogilvie wrote:
>> > -I'm going to set up the IPA server with a new realm;
>> > UNIX.MYCOMPANY.COM (do I need to have our DNS folks put an SRV record
>> > up there for that?  If so, what?)
>>
>> If your DNS people want to manually manage DNS for you then they need to
>> create the unix.mydomain.com zone and manually create SRV and TXT
>> records for kerberos and ldap IPA servers.
>
> Is there a doc that explains what those SRV and TXT records need to look like?

If you're not familiar with this document then you need to spend some
quality time with it:

http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html-single/Identity_Management_Guide/index.html

:)

In it you'll find:

If a DNS server is already configured in the network, then the
configuration in the IPA-generated file can be added to the existing
DNS zone file. This allows IPA clients to find LDAP and Kerberos
servers that are required for them to participate in the IPA domain.
For example, this DNS zone configuration is created for an IPA server
with the KDC and DNS servers all on the same machine in the
EXAMPLE.COM realm:
; ldap servers
_ldap._tcp              IN SRV 0 100 389        ipaserver.example.com.

;kerberos realm
_kerberos               IN TXT EXAMPLE.COM

; kerberos servers
_kerberos._tcp          IN SRV 0 100 88         ipaserver.example.com.
_kerberos._udp          IN SRV 0 100 88         ipaserver.example.com.
_kerberos-master._tcp   IN SRV 0 100 88         ipaserver.example.com.
_kerberos-master._udp   IN SRV 0 100 88         ipaserver.example.com.
_kpasswd._tcp           IN SRV 0 100 464        ipaserver.example.com.
_kpasswd._udp           IN SRV 0 100 464        ipaserver.example.com.
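
A way to check a hand-maintained zone against the record set quoted above before enrolling clients. This is an added example, not part of the original post or of the FreeIPA project. The function name audit_zone and the BROKEN_ZONE sample are made up for illustration, and it assumes every record line starts with its owner name:

```python
# Expected SRV owners and ports, taken from the zone fragment quoted in the post.
REQUIRED_SRV = {
    "_ldap._tcp": 389,
    "_kerberos._tcp": 88, "_kerberos._udp": 88,
    "_kerberos-master._tcp": 88, "_kerberos-master._udp": 88,
    "_kpasswd._tcp": 464, "_kpasswd._udp": 464,
}

def audit_zone(zone_text, realm):
    """Return a list of problems in a zone-file fragment (empty list = OK)."""
    srv, txt, problems = {}, {}, []
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()   # strip comments, tokenize
        if "SRV" in fields and len(fields) >= fields.index("SRV") + 5:
            i = fields.index("SRV")
            srv[fields[0]] = (int(fields[i + 3]), fields[i + 4])  # port, target
        elif "TXT" in fields:
            i = fields.index("TXT")
            txt[fields[0]] = " ".join(fields[i + 1:]).strip('"')
    for owner, port in REQUIRED_SRV.items():
        if owner not in srv:
            problems.append(f"{owner}: SRV record missing")
            continue
        got_port, target = srv[owner]
        if got_port != port:
            problems.append(f"{owner}: port {got_port}, expected {port}")
        if not target.endswith("."):
            # A relative target gets the zone origin appended by the DNS server.
            problems.append(f"{owner}: target {target} lacks trailing dot")
    if "_kerberos" not in txt:
        problems.append("_kerberos: TXT record missing")
    elif txt["_kerberos"] != realm:
        # Kerberos realm names are case-sensitive.
        problems.append(f"_kerberos: TXT is {txt['_kerberos']}, expected {realm}")
    return problems

# Constructed sample with four deliberate mistakes (not from the post).
BROKEN_ZONE = """
_ldap._tcp              IN SRV 0 100 636        ipaserver.example.com.
_kerberos               IN TXT example.com
_kerberos._tcp          IN SRV 0 100 88         ipaserver.example.com
_kerberos._udp          IN SRV 0 100 88         ipaserver.example.com.
_kerberos-master._tcp   IN SRV 0 100 88         ipaserver.example.com.
_kerberos-master._udp   IN SRV 0 100 88         ipaserver.example.com.
_kpasswd._tcp           IN SRV 0 100 464        ipaserver.example.com.
"""

if __name__ == "__main__":
    print("\n".join(audit_zone(BROKEN_ZONE, "EXAMPLE.COM")))
```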



