[Freeipa-users] Different domain enrollment
Petr Spacek
pspacek at redhat.com
Tue Aug 25 13:31:58 UTC 2015
On 12.8.2015 14:20, Dewangga Bachrul Alam wrote:
> Hello!
>
> On 08/11/2015 06:25 PM, Alexander Bokovoy wrote:
>> On Tue, 11 Aug 2015, Dewangga Bachrul Alam wrote:
>>> Hello!
>>>
>>> On 08/11/2015 01:43 PM, Alexander Bokovoy wrote:
>>>> On Tue, 11 Aug 2015, Dewangga Bachrul Alam wrote:
>>>>> Hello!
>>>>>
>>>>> I'm having problem with different hostname with primary domain on ipa
>>>>> server. For example, my primary domain is mydomain.co.id, and then if
>>>>> the server hostname using mydomain.co.id, the dns discover was
>>>>> sucessfully.
>>>>>
>>>>> The problem come if the client hostname using different domain, for
>>>>> example anotherdomain.com, the dns discovery was failed. Is there any
>>>>> way to solve it? Should I enter it manually?
>>>> Details of autodiscovery and suggestions how to configure are explained
>>>> in the man page for ipa-client-install, section on DNS autodiscovery.
>>>
>>> Thanks for your hints, but I have another question after read the man
>>> pages. The best practice register client to ipa server is using --domain
>>> or add similar DNS record?
>> You still would need _kerberos TXT record for runtime Kerberos realm
>> detection unless your krb5.conf would contain domain_realms entry for
>> your DNS domain.
>>
>> Using --domain option is, of course, easy.
AFAIK adding _kerberos TXT record should make the auto-detection in
ipa-client-install functional.
--
Petr^2 Spacek
More information about the Freeipa-users
mailing list