[Freeipa-users] Do clients have to be in teh same DNS zone / FQDN as the IPA servers / Kerberos Realm?

Erinn Looney-Triggs erinn.looneytriggs at gmail.com
Wed Jun 20 20:58:45 UTC 2012 

Yeah it is:
cat /etc/redhat-release
Red Hat Enterprise Linux Server release 6.3 (Santiago)

ipa-client-2.2.0-16.el6.x86_64
ipa-pki-common-theme-9.0.3-7.el6.noarch
ipa-pki-ca-theme-9.0.3-7.el6.noarch
ipa-server-selinux-2.2.0-16.el6.x86_64
ipa-server-2.2.0-16.el6.x86_64
ipa-python-2.2.0-16.el6.x86_64
ipa-admintools-2.2.0-16.el6.x86_64
libipa_hbac-1.8.0-32.el6.x86_64


-Erinn

On Wed, Jun 20, 2012 at 2:44 PM, Steven Jones <Steven.Jones at vuw.ac.nz>wrote:

> Hi,
>
> Sorry.....
>
> but Im getting hammered by my management for instant answers.......they
> asked last night and expect an answer this morning.....and I'm expected to
> catch up and deploy several important solutions/projects all hinging on IPA
>   ASAP.......
>
> 2.2 isnt in RHEL6.3 though?
>
> Anyway I will leave it longer, but Qs seem to drop off the list pretty
> quickly.......
>
> regards
>
> Steven Jones
>
> Technical Specialist - Linux RHCE
>
> Victoria University, Wellington, NZ
>
> 0064 4 463 6272
>
> ________________________________________
> From: Rob Crittenden [rcritten at redhat.com]
> Sent: Thursday, 21 June 2012 8:31 a.m.
> To: Steven Jones
> Cc: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] Do clients have to be in teh same DNS zone /
> FQDN as the IPA servers / Kerberos Realm?
>
> Steven Jones wrote:
> > I assume with no reply, now one knows?
>
> That's not really fair, it hasn't even been 24 hours.
>
> > My IPA servers are say  ipa1 and 2.ipa.example.com
> >
> > I have existing linux servers that I would rather not change the FQDN
> on, say server1.example.com Do I actually have to make the client
> server1.ipa.example.com or can I leave it as is at server1.example.com?
> Would that give any IPA problems? or is it just poor practice?
>
> Yes, you should be able to enroll server1.example.com into the
> ipa.example.com realm. You'll need a v2.2+ client for this to work. A
> patch was added (contributed by a user, actually) that will add a domain
> mapping to krb5.conf so this should work.
>
> rob
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120620/9b7ab324/attachment.htm>

More information about the Freeipa-users mailing list