Ash Ryder via FreeIPA-users wrote: > So i enrolled with the below settings and didn't make and changes with > regards to the KRB5KDC.Conf or add a Cname record and can authenticate with > my AD user account and obtain a ticket to this client. I thought i wouldn't > be able to without these settings changed. Am i missing something with > regards to SSO? if I just want to manage access to my Linux machines is this > setup okay? what ability do i loose? > > ipa-client-install --domain linux.example.com --enable-dns-updates > > This program will set up FreeIPA client. > Version 4.7.2 > > WARNING: conflicting time&date synchronization service 'ntp' will be disabled > in favor of chronyd > > Discovery was successful! > Client hostname: Server.example.com > Realm: LINUX.EXAMPLE.COM > DNS Domain: linux.example.com > IPA Server: IPA01.linux.example.com > BaseDN: dc=linux,dc=example,dc=com
ipa-client-install configures the machine to work with Kerberos (e.g. updates /etc/krb5.conf). I don't know what you mean about a DNS cname but one should generally not be required. rob _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
