On Fri, 2011-11-04 at 17:07 +0100, tomasz.napier...@allegro.pl wrote:
> On 4 lis 2011, at 16:57, Simo Sorce wrote:
> > Not necessarily related to your problem, but in general I would
> > suggest all freeipa users to:
> > a) use domain names that are longer than a single component
> > (for example in your case 'ipa.dc2' instead of just 'dc2')
> > b) let the kerberos realm exactly match the domain name.
> > (In your case let it be 'IPA.DC2')
> > We do not enforce these rules but not following them can cause you
> > additional headaches in some cases.
> I know that from 1.x deployment. Unfortunately adding another domain
> would completely destroy our infrastructure management tools ;)
You seem to be in one of those corner cases for which we decided to not
enforce those rule programmatically ...
Simo Sorce * Red Hat, Inc * New York
Freeipa-users mailing list