5:22 p.m.
Hi,
I completed installation using the recommended FQHN ipa.<mydomain>.de of FreeIPA
server.
How can I add a client host configured with sub-domain local.<mydomain>.de?
THX
1:36 a.m.
New subject: How to add host with subdomain local.<mydomain>.de
On 11/19/18 12:22 AM, 74cmonty via FreeIPA-users wrote:
Hi,
I completed installation using the recommended FQHN ipa.<mydomain>.de of FreeIPA
server.
How can I add a client host configured with sub-domain local.<mydomain>.de?
Hi,
if FreeIPA server was installed with embedded DNS, you can add a DNS
zone for local.<mydomain>.de (see [1]), have the client point to FreeIPA
master DNS (configure /etc/resolv.conf) and simply run
ipa-client-install --domain <mydomain>.de --realm <MYDOMAIN>.DE.
HTH,
flo
[1]
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/...
THX
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
4:33 a.m.
New subject: How to add host with subdomain local.<mydomain>.de
Hi Florence,
I intend to define a subdomain for each network, e.g.
DMZ = dmz.<mydomain>.de (10.0.0.0/24) -> VLAN
LAN = local.<mydomain>.de (192.168.1.0/24)
SHZ = smz.<mydomain>.de (Smart Home Network) (10.0.10.0/28) -> VLAN
Does this make sense to you?
Or is this an overkill?
THX
Thomas
4:49 a.m.
New subject: How to add host with subdomain local.<mydomain>.de
On ti, 27 marras 2018, 74cmonty via FreeIPA-users wrote:
Hi Florence,
I intend to define a subdomain for each network, e.g.
DMZ = dmz.<mydomain>.de (10.0.0.0/24) -> VLAN
LAN = local.<mydomain>.de (192.168.1.0/24)
SHZ = smz.<mydomain>.de (Smart Home Network) (10.0.10.0/28) -> VLAN
Does this make sense to you?
Or is this an overkill?
There is no specific reason to object here, from FreeIPA
point of view,
of course.
Look at ipa-client-install's manual page:
-------------------------------------------------
DNS Autodiscovery
Client installer by default tries to search for _ldap._tcp.DOMAIN
DNS SRV records for all domains that are parent to its hostname.
For example, if a client machine has a hostname
'client1.lab.example.com', the installer will try to retrieve an
IPA server hostname from _ldap._tcp.lab.example.com,
_ldap._tcp.example.com and _ldap._tcp.com DNS SRV records,
respectively. The discovered domain is then used to configure
client components (e.g. SSSD and Kerberos 5 configuration) on the
machine.
When the client machine hostname is not in a subdomain of an
IPA server, its domain can be passed with --domain option. In
that case, both SSSD and Kerberos components have the domain set
in the configuration files and will use it to autodiscover IPA
servers.
Client machine can also be configured without a DNS autodiscovery
at all. When both --server and --domain options are used, client
installer will use the specified server and domain directly.
--server option accepts multiple server hostnames which can be
used for failover mechanism. Without DNS autodiscovery, Kerberos
is configured with a fixed list of KDC and Admin servers. SSSD
is still configured to either try to read domain's SRV records or
the specified fixed list of servers. When --fixed-primary option
is specified,
SSSD will not try to read DNS SRV record at all (see sssd-ipa(5) for details).
-------------------------------------------------
So it is irrelevant where the client is -- pass --domain <IPA primary domain>
to ipa-client-install and it will be discovered automatically.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
1976
days inactive
1985
days old
freeipa-users@lists.fedorahosted.org
3 comments
3 participants
participants (3)
-
74cmonty -
Alexander Bokovoy -
Florence Blanc-Renaud