[Freeipa-users] Setup of SRV records for new domains

Petr Spacek pspacek at redhat.com
Mon May 4 08:43:11 UTC 2015


On 4.5.2015 10:23, Brian Topping wrote:
> On second view, I think my brain misfiled this. Maybe the records were
> not set up automatically; another DNS domain I thought had the records in
> fact does not.
> 
> As a feature request, it seems like if a domain is added to "Domain
> Realms", it should also get the appropriate records for client
> autodiscovery.

It is actually not necessary to create all the SRV records in all domains.

Client auto-discovery uses the TXT record, which is added automatically,
and the _kerberos TXT record is like a 'redirect'.

The procedure is:
- client client1.sub.example.com. searches for the record
_kerberos.sub.example.com TXT
- _kerberos.sub.example.com TXT contains realm name "EXAMPLE.COM"
- now the client knows that all the SRV records are inside the example.com. domain
- SRV records from example.com. are used from now on

AFAIK this is very standard Kerberos behavior so it should work for all
standard-compliant clients.

Petr^2 Spacek

> Cheers, Brian
> 
>> On May 4, 2015, at 3:03 PM, Brian Topping <brian.topping at gmail.com>
>> wrote:
>> 
>> I just added a new domain and didn't see the SRV records added for it.
>> There is a TXT record, but none of the SRV records that are in other
>> DNS domains.
>> 
>> After going to the "Realm Domains" tab of the "IPA Server"
>> configuration, I see that the new domain was already added there, so I
>> removed it and added it back, hoping that might cause the SRV records
>> to be added, but no luck.
>> 
>> Any ideas what I should check for?
>> 
>> Thanks, Brian
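
The discovery procedure described in the reply above, as an added example that is not part of the original message or of FreeIPA's code: it follows the TXT record to the realm, reads the SRV records from the realm's domain, and reports what is missing for a given domain. The names `ZONE`, `lookup`, `discover_realm`, `discover_kdcs` and `check_domain` are hypothetical, the records are constructed sample data standing in for real DNS queries, and the realm's DNS domain is assumed to be the realm name in lower case.

```python
# Constructed sample records (illustrative, not from a real deployment).
ZONE = {
    ("_kerberos.sub.example.com.", "TXT"): ["EXAMPLE.COM"],
    ("_kerberos.example.com.", "TXT"): ["EXAMPLE.COM"],
    ("_kerberos._udp.example.com.", "SRV"): [(0, 100, 88, "ipa1.example.com.")],
    ("_kerberos._tcp.example.com.", "SRV"): [(0, 100, 88, "ipa1.example.com.")],
}

def lookup(zone, name, rtype):
    """Stand-in for a DNS query: returns [] when no such record exists."""
    return zone.get((name.lower(), rtype), [])

def discover_realm(zone, client_fqdn):
    """Query _kerberos.<client's domain> TXT; the answer is the realm name."""
    _, _, domain = client_fqdn.rstrip(".").partition(".")
    if not domain:
        return None
    txt = lookup(zone, f"_kerberos.{domain}.", "TXT")
    return txt[0] if txt else None

def discover_kdcs(zone, realm):
    """Read the SRV records from the realm's own domain (realm in lower case)."""
    found = []
    for proto in ("udp", "tcp"):
        name = f"_kerberos._{proto}.{realm.lower()}."
        for prio, weight, port, target in lookup(zone, name, "SRV"):
            found.append((prio, proto, target, port))
    return sorted(found)  # lowest priority value first

def check_domain(zone, domain, expected_realm):
    """Return a list of problems that would break discovery for `domain`."""
    problems = []
    realm = discover_realm(zone, f"host.{domain}")
    if realm is None:
        problems.append(f"no _kerberos.{domain} TXT record")
    elif realm != expected_realm:
        problems.append(f"TXT names realm {realm!r}, expected {expected_realm!r}")
    elif not discover_kdcs(zone, realm):
        problems.append(f"no _kerberos SRV records in {realm.lower()}.")
    return problems

if __name__ == "__main__":
    print(discover_realm(ZONE, "client1.sub.example.com."))
    print(discover_kdcs(ZONE, "EXAMPLE.COM"))
    print(check_domain(ZONE, "sub.example.com", "EXAMPLE.COM"))
    print(check_domain(ZONE, "other.example.net", "EXAMPLE.COM"))
```

An empty list from `check_domain` means the domain needs no SRV records of its own, because its TXT record already points clients at a realm domain that has them.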
