[Freeipa-users] No result when trying to integrate a FreeBSD client with the FreeIPA server
Alexander Bokovoy
abokovoy at redhat.com
Tue Oct 14 10:15:17 UTC 2014
On Tue, 14 Oct 2014, Orkhan Gasimov wrote:
>I tried to avoid setting up a third VM to serve as a DNS server for my
>test scenario. Thought it would be possible to set up working FreeIPA
>client-server interaction with just 2 VMs & correct hostnames &
>/etc/hosts files in them.
Many applications rely on service discovery based on DNS. In particular,
SSSD uses this approach if you don't set explicitly servers for LDAP,
Kerberos, IPA, etc. See sssd-ldap(5), sssd-krb5(5), sssd-ipa(5), section
'SERVICE DISCOVERY'.
The mechanism is described in RFC 2782. It becomes even more important
for cases like integration with Active Directory where AD side relies on
DNS service discovery unconditionally.
IPA has integrated DNS server, all you needed to do is to run
'ipa-server-install --setup-dns' or 'ipa-dns-install' afterwards.
If you don't want to use IPA-provided DNS server, at the end of
ipa-server-install a sample DNS zone was generated to show what records
need to be added to your DNS zone.
>Do I correctly understand your idea that it`s a MUST to set up a DNS
>server to facilitate FreeIPA client-server interaction? Or there`s a
>way to do it with just 2 VMs and no DNS server?
Use integrated DNS server in FreeIPA server, this is supported way of
doing it. FreeIPA then will make it manageable through its tools -- be
it command line interface or web UI.
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list