Hi,
On Tue, Oct 8, 2019 at 2:14 PM Jason Dunham via FreeIPA-users
<freeipa-users(a)lists.fedorahosted.org> wrote:
I am trying to set up a small office of software developers with FreeIPA. My
ipa-server-install fails with "DNS zone example.com. already exists in DNS and
is handled by servers foo1.myisp.net...".
We do have basic hosted dns for our few public facing servers but I want to run an
internal DNS on the LAN (and on the OpenVPN) to do name resolution. We don't
currently have any AD or Kerberos, this is basically a new company with just a few people
and a few workstations and will probably never grow very large without massive
infrastructure changes that would be way out of scope for what I am trying to do.
I was going to set up the internal computers as
workstation1.internal.mycompany.com, workstation2.internal.mycompany.com, etc.
since my understanding is that I can't do it without a subdomain since the
primary domain DNS server already exists.
The understanding is right. Also having internal.mycompany.com for internal
stuff and mycompany.com for public-facing stuff should prove less of a hassle
to maintain in the long run.
I am putting this on a new server with a fresh install of CentOS 8.
The ipa server is ipa.mycompany.com, or is it supposed to be
ipa.internal.mycompany.com?
I'd go for ipa0.internal.mycompany.com
Please set this as FQDN.
I was trying to use all the defaults when calling ipa-server-install
--setup-dns, but I don't really understand where to tell it about the subdomain.
--domain=domain_name
but you probably don't need to specify it if you use ipa0.internal.mycompany.com as FQDN.
None of the many tutorials I have read seem to deal with my use case
even though it seems like something lots of people would want to do. Am I using the right
tool for this job? Am I just not finding the right web page that makes it easy?
"# ipa-server-install -h", "Basic options"
The above tool has a man page too.
Can I run a small network with about 10 hosts and about 10 users on
one freeipa host?
Yes, if the host fulfills the minimum requirements, see:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/...
If you can spare the RAM, 3-4GB will help. Make sure to have swap
configured as well.
However having a single server is not resilient. Having a replica would help.
Best regards,
François
I also have a separate box for pfsense/openvpn and maybe I could run
a failover dns server on that, but I can't even get the main server running.
Thanks in advance for any help with this.
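
The naming advice in this thread as a preflight check, added here as an example (not part of the original messages and not FreeIPA project code): it derives the domain and realm from the server FQDN and refuses a name that would put the IPA domain on the zone already hosted elsewhere. The function names are hypothetical; the hostnames are the ones used in the thread.

```bash
#!/usr/bin/env bash
# Added example; function names are hypothetical, hostnames are the thread's.
# Set the FQDN first (hostnamectl set-hostname <fqdn>), then run the printed command.

# Print the DNS domain of an FQDN: everything after the first label.
ipa_domain_of() {
    local fqdn="${1%.}"                       # tolerate a trailing dot
    case "$fqdn" in
        *.*.*) printf '%s\n' "${fqdn#*.}" ;;  # host label + at least a 2-label domain
        *)     return 1 ;;
    esac
}

# Usual convention: the Kerberos realm is the DNS domain in upper case.
ipa_realm_of() {
    local domain
    domain=$(ipa_domain_of "$1") || return 1
    printf '%s\n' "$domain" | tr '[:lower:]' '[:upper:]'
}

# Print the installer command line, or fail if the IPA domain would be the
# zone that is already hosted elsewhere (the error quoted in the thread).
ipa_preflight() {
    local fqdn="${1%.}" public_zone="${2%.}" domain realm
    domain=$(ipa_domain_of "$fqdn") || { echo "not a usable FQDN: $fqdn" >&2; return 2; }
    if [ "$domain" = "$public_zone" ]; then
        echo "$domain is the externally hosted zone; use a subdomain" >&2
        return 1
    fi
    realm=$(ipa_realm_of "$fqdn")
    printf 'ipa-server-install --setup-dns --hostname=%s --domain=%s --realm=%s\n' \
        "$fqdn" "$domain" "$realm"
}

# Constructed sample call using the names suggested in the thread.
ipa_preflight ipa0.internal.mycompany.com mycompany.com
```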