On Fri, May 28, 2010 at 10:02 AM, Stjepan Gros <sg...@zemris.fer.hr> wrote:
> Hi!
>
> I have a simple question regarding adding hosts in Kerberos when hosts
> are dynamically assigned IP addresses and registered to DNS. In such
> cases, ipa-addservice complains that host has to have A record in DNS
> and doesn't want to add new principal.
>
> So, there are two choices:
>
> 1. temporarily add DNS records, run ipa-addservice, and remove DNS
> records, or
>
> 2. connect PC to network in order for host to receive IP address and
> register with DNS, and then run ipa-addservice
>
> Unfortunately, my situation is such that option 2 isn't possible, and
> option 1 seems more like a hack than something systematic.
>
> So, is there a third option?
>
> Stjepan
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
I haven't even installed FreeIPA yet, so someone somewhere probably already addressed this. Consider these 4 random thoughts:

Why not use an offline IP address and an online IP address? If a host's normal online address is 10.10.10.125, a host's offline IP address is 172.16.10.125. Actually, offline address is traditionally 0.0.0.0. Does ipa-addservice work when the DNS entry is 0.0.0.0? Does ipa-addservice work when multiple hosts have the same zero IP 0.0.0.0?

Some systems pull DNS info from LDAP (pdns-ldap http://www.linuxnetworks.de/doc/index.php/PowerDNS_LDAP_Backend). So even if the DNS entries are not all there, a precreated LDAP entry could exist. Maybe the --force option does this.

ipa-addservice could use UUID / GUID entries instead of IP addresses.

If the clients are powered on and connected to the internet but not your LAN, then a secondary remotely accessible virtual IP may help, but there is likely a chicken and egg problem at this point.