[Freeipa-users] Still unclear about relation between IPA DNS domain and company DNS domain.
Petr Spacek
pspacek at redhat.com
Tue Dec 20 08:07:25 UTC 2016
On 8.12.2016 10:12, Pieter Nagel wrote:
> On Thu, Dec 8, 2016 at 10:59 AM, Alexander Bokovoy <abokovoy at redhat.com>
> wrote:
>
>> It is really simply: your DNS domain named as your Kerberos realm must
>> be under your control, one way or another, to allow automatic discovery
>> of resources to work.
>>
>
> Thanks, this explanation makes it crystal clear. This exact phrasing would
> have made the docs much clearer too, IMO.
>
> Setting the realm to the DNS domain that the FreeIPA internal DNS server
> serves is just one simple out-of-the box way to get DNS domain named as
> your Kerberos realm that is under your control, in other words.
I've tried to clarify things in man pages and on web as well. Please have a
look to changes and let us know if it is better or not, and preferably what
can be improved and in which way
The modified deployment page is here:
http://www.freeipa.org/page/Deployment_Recommendations
Man page changes and changes in description of installer options are here:
https://github.com/freeipa/freeipa/pull/352
--
Petr^2 Spacek
More information about the Freeipa-users
mailing list