Sorry, missed words, I meant - such setup of freeipa without DNS completely.

2018-02-13 17:25 GMT+03:00 Andrew Radygin <randr...@gmail.com>:

> I'm running FreeIPA 4.5 server with several hundred hosts and dozens of
> users. And it's perfectly fine, especially if you already have another
> instrument for dns managing.
> I haven't experienced any problems from such setup so far.
>
> 2018-02-13 17:10 GMT+03:00 Andrew Meyer via FreeIPA-users <
> freeipa-users@lists.fedorahosted.org>:
>
>> Fish the entries?  Can you elaborate on that a bit more?
>>
>> Since FreeIPA auto-builds txt records and what not for client
>> machines...How did you do that?
>>
>> Or did you not utilize that?
>>
>>
>> On Tuesday, February 13, 2018 2:58 AM, Alex Corcoles via FreeIPA-users <
>> freeipa-users@lists.fedorahosted.org> wrote:
>>
>>
>> You can, but you need to add the DNS entries that FreeIPA adds to its
>> domain to your DNS server.
>>
>> What I did was install FreeIPA in a test environment and fish the entries
>> from there.
>>
>> On Tue, Feb 13, 2018 at 4:37 AM, Andrew Meyer via FreeIPA-users <
>> freeipa-users@lists.fedorahosted.org> wrote:
>>
>> I know I have sent in multiple emails, but we are trying to deploy
>> FreeIPA correctly.  However I am getting asked to find out some other
>> details.
>>
>> Can FreeIPA survive w/o DNS?  We would like to implement FreeIPA and
>> still be able to use the SSH, sudo, selinux, LDAP & krb5.
>>
>> We are moving to AWS and management is afraid that we will have to
>> maintain multiple sets of DNS.  And that if FreeIPA is the focal point for
>> all servers and God forbid it crashes, there goes our whole environment.
>> They would like to put the zone in R53 and have that handle ALL the
>> records.  If we do go through with not installing DNS w/ FreeIPA will we be
>> shooting ourselves in the foot?
>>
>> I know that FreeIPA relies heavily on DNS and I have seen multiple
>> conversations regarding not to do this, but is this somewhere in the best
>> practices?
>>
>> I found this thread from 2015 but I don't think it applies anymore:
>> Re: [Freeipa-users] Can freeIPA work without Kerberos and DNS
>> <https://www.redhat.com/archives/freeipa-users/2015-March/msg00906.html>
>>
>>
>> The problem is that we have 30 domains that we want to use in R53 and he
>> wants to bypass FreeIPA for doing DNS other than for auth and sudo and
>> ldap.  Could we put entries in the /etc/hosts file to point to the FreeIPA
>> servers?  I feel like this might work and might be more problematic down
>> the line.
>>
>> Regards,
>> Andrew
>>
>> _______________________________________________
>> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
>> To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
>>
>> --
>>    ___
>>  {~._.~}
>>   ( Y )
>>  ()~*~()  mail: alex at corcoles dot net
>>  (_)-(_)  http://alex.corcoles.net/
>>
>
>
> --
> Best regards, Andrew.
>



-- 
Best regards, Andrew.
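
Added example, not part of the thread and not FreeIPA project code: a check that an externally hosted zone (for instance an export from Route 53) carries the discovery records the thread says must be copied over, and that every SRV target is one of your own IPA servers. The record set, the names `example.test` and `ipa1.example.test`, and the sample zone are assumptions constructed for illustration.

```python
# Assumed record set for FreeIPA without integrated DNS (added example; verify on your server).
REQUIRED_SRV = {"_ldap._tcp": 389, "_kerberos._tcp": 88, "_kerberos._udp": 88,
                "_kerberos-master._tcp": 88, "_kerberos-master._udp": 88,
                "_kpasswd._tcp": 464, "_kpasswd._udp": 464}

# Constructed zone export: _kpasswd._udp is missing, one SRV target is foreign.
SAMPLE_ZONE = """\
_ldap._tcp.example.test.            86400 IN SRV 0 100 389 ipa1.example.test.
_kerberos._tcp.example.test.        86400 IN SRV 0 100 88  ipa1.example.test.
_kerberos._udp.example.test.        86400 IN SRV 0 100 88  kdc.other.test.
_kerberos-master._tcp.example.test. 86400 IN SRV 0 100 88  ipa1.example.test.
_kerberos-master._udp.example.test. 86400 IN SRV 0 100 88  ipa1.example.test.
_kpasswd._tcp.example.test.         86400 IN SRV 0 100 464 ipa1.example.test.
_kerberos.example.test.             86400 IN TXT "EXAMPLE.TEST"
ipa-ca.example.test.                86400 IN A   192.0.2.10
"""

def parse_zone(text):
    """Map (owner, type) -> rdata field lists for 'name ttl IN type rdata' lines."""
    records = {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()      # drop trailing comments
        if len(fields) >= 5 and fields[2].upper() == "IN":
            key = (fields[0].lower().rstrip("."), fields[3].upper())
            records.setdefault(key, []).append(fields[4:])
    return records

def audit(zone_text, domain, realm, servers):
    """Return a list of problems; an empty list means the expected records exist."""
    records, problems = parse_zone(zone_text), []
    allowed = {s.lower().rstrip(".") for s in servers}
    for label, port in REQUIRED_SRV.items():
        owner = f"{label}.{domain}"
        rrs = records.get((owner, "SRV"), [])
        if not rrs:
            problems.append(f"missing SRV {owner}")
        for rdata in rrs:                           # priority weight port target
            if len(rdata) != 4 or rdata[2] != str(port):
                problems.append(f"bad SRV data {owner}")
            elif rdata[3].lower().rstrip(".") not in allowed:
                problems.append(f"unexpected target {owner} -> {rdata[3]}")
    txt = [r[0].strip('"') for r in records.get((f"_kerberos.{domain}", "TXT"), [])]
    if realm not in txt:
        problems.append(f"missing TXT _kerberos.{domain} = {realm}")
    if (f"ipa-ca.{domain}", "A") not in records:
        problems.append(f"missing A ipa-ca.{domain}")
    return problems

print("\n".join(audit(SAMPLE_ZONE, "example.test", "EXAMPLE.TEST", ["ipa1.example.test"])))
```

Replace `REQUIRED_SRV` with the server's own list (for example from `ipa dns-update-system-records --dry-run`) before relying on the result.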