[Freeipa-users] One kerberos realm, two dns zones and SSHFP records

David Kupka dkupka at redhat.com
Thu Mar 23 07:14:10 UTC 2017


On Wed, Mar 22, 2017 at 03:29:06PM -0400, Ranbir wrote:
> Hi Everyone,
> 
> I'm using a fully updated CentOS 7.3 environment for two IPA servers. I
> have one kerberos realm, one dns zone with the same name as the
> kerberos realm and another dns zone with a different name. DNS is
> managed by IPA. For the sake of this message:
> 
> realm: REALM.IPA
> dnszone1: realm.ipa
> dnszone2: random.ipa
> 
> When I join a server that's going into the realm.ipa dns zone to the
> IPA domain, SSHFP records for that server get automatically created in
> realm.ipa. But, when I do the same for a server going into the
> random.ipa dns zone, the SSHFP aren't automatically created. I have to
> add the SSHFP records manually after the client install completes.
> 
> Why are SSHFP records not added automatically for the second dns zone
> and how can I fix this situation?
> 
> Thanks in advance.
> 
> Ranbir

Hello Ranbir,
are other records (A, AAAA, PTR, ...) created for the client in random.ipa and
just SSHFP missing? Is the domain random.ipa properly delegated? Is sshd
installed and keys generated on the client in random.ipa?

-- 
David Kupka