[Freeipa-users] ipa-trust and SRV records

Alexander Bokovoy abokovoy at redhat.com
Wed Jan 27 05:37:33 UTC 2016


On Wed, 27 Jan 2016, Simpson Lachlan wrote:
>At the end of the installation of the ipa-adtrust-install, there is a
>message along the lines of:
>
>Add the following service records to your DNS server for DNS zone
>unix.co.org.au:
>
> _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs
> _ldap._tcp.dc._msdcs
> _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs
> _kerberos._tcp.dc._msdcs
> _kerberos._udp.Default-First-Site-Name._sites.dc._msdcs
> _kerberos._udp.dc._msdcs
>
>
>Which has, I think, been the cause of all of my grief.
>
>Do these SRV records in AD represent the minimum DNS set up required in
>Active Directory (my setup is a one way trust from FreeIPA to an AD
>over which I have no control, and all DNS is passed up to AD)?
These records are required to exist in the DNS zone of IPA.

>These records are required so that the FreeIPA server can find the AD
>servers?
These records are required so that AD DCs know where to find IPA domain
controllers.

>Also, is it fair to infer that Default-First-Site-Name is in our case co.org.au?
No, this is a literal string, it has to be this way.

-- 
/ Alexander Bokovoy
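
One way to confirm that the six records from the ipa-adtrust-install message are actually published in the IPA zone, as an added example that is not part of the original thread and not FreeIPA code. The function names, the target host `ipa1.unix.co.org.au` and the sample answers are constructed; ports 389 and 88 are the standard LDAP and Kerberos ports, assumed here.

```shell
#!/bin/sh
# Added example (not FreeIPA code). Owner names are the six listed in the
# ipa-adtrust-install message; ports are the standard LDAP/Kerberos ports (assumed).
ADTRUST_SRV="_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs:389 \
_ldap._tcp.dc._msdcs:389 \
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs:88 \
_kerberos._tcp.dc._msdcs:88 \
_kerberos._udp.Default-First-Site-Name._sites.dc._msdcs:88 \
_kerberos._udp.dc._msdcs:88"

# check_adtrust_srv ZONE  (hypothetical helper)
# Reads answers on stdin in "dig +noall +answer" format:
#   owner TTL IN SRV priority weight port target
# Prints "BADPORT owner port" or "MISSING owner"; returns 1 if anything is wrong.
check_adtrust_srv() {
    awk -v zone="$1" -v want="$ADTRUST_SRV" '
        BEGIN {
            n = split(want, rows, " ")
            for (i = 1; i <= n; i++) {
                split(rows[i], f, ":")
                fqdn[i] = f[1] "." zone "."
                port[tolower(fqdn[i])] = f[2]
            }
        }
        # DNS owner names compare case-insensitively, so normalise before lookup.
        $3 == "IN" && $4 == "SRV" && (tolower($1) in port) {
            owner = tolower($1); seen[owner] = 1
            if ($7 != port[owner]) { print "BADPORT", $1, $7; bad = 1 }
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(tolower(fqdn[i]) in seen)) { print "MISSING", fqdn[i]; bad = 1 }
            exit bad
        }'
}

# Constructed sample answers: one record absent, one published with the wrong port.
sample_answers() {
cat <<'EOF'
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.unix.co.org.au. 86400 IN SRV 0 100 389 ipa1.unix.co.org.au.
_ldap._tcp.dc._msdcs.unix.co.org.au. 86400 IN SRV 0 100 389 ipa1.unix.co.org.au.
_kerberos._tcp.default-first-site-name._sites.dc._msdcs.unix.co.org.au. 86400 IN SRV 0 100 88 ipa1.unix.co.org.au.
_kerberos._tcp.dc._msdcs.unix.co.org.au. 86400 IN SRV 0 100 88 ipa1.unix.co.org.au.
_kerberos._udp.dc._msdcs.unix.co.org.au. 86400 IN SRV 0 100 389 ipa1.unix.co.org.au.
EOF
}
# Live use: pipe the output of "dig +noall +answer SRV <owner>.<zone>" for each
# owner name into check_adtrust_srv <zone>.
```

Running the lookups against the resolver the AD DCs use shows what they will see, since those records are how the AD side locates the IPA domain controllers.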



