On Wed, Aug 8, 2012 at 2:16 PM, Rob Ogilvie <r...@axpr.net> wrote:
> On Wed, Aug 8, 2012 at 11:52 AM, Simo Sorce <s...@redhat.com> wrote:
>> On Wed, 2012-08-08 at 11:23 -0700, Rob Ogilvie wrote:
>> > -I'm going to set up the IPA server with a new realm;
>> > UNIX.MYCOMPANY.COM (do I need to have our DNS folks put an SRV record
>> > up there for that? If so, what?)
>>
>> If your DNS people want to manually manage DNS for you then they need to
>> create the unix.mydomain.com zone and manually create SRV and TXT
>> records for kerberos and ldap IPA servers.
>
> Is there a doc that explains what those SRV and TXT records need to look like?

If you're not familiar with this document then you need to spend some quality time with it:

http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html-single/Identity_Management_Guide/index.html

:)

In it you'll find:

If a DNS server is already configured in the network, then the configuration in the IPA-generated file can be added to the existing DNS zone file. This allows IPA clients to find LDAP and Kerberos servers that are required for them to participate in the IPA domain. For example, this DNS zone configuration is created for an IPA server with the KDC and DNS servers all on the same machine in the EXAMPLE.COM realm:

; ldap servers
_ldap._tcp IN SRV 0 100 389 ipaserver.example.com.

;kerberos realm
_kerberos IN TXT EXAMPLE.COM

; kerberos servers
_kerberos._tcp IN SRV 0 100 88 ipaserver.example.com.
_kerberos._udp IN SRV 0 100 88 ipaserver.example.com.
_kerberos-master._tcp IN SRV 0 100 88 ipaserver.example.com.
_kerberos-master._udp IN SRV 0 100 88 ipaserver.example.com.
_kpasswd._tcp IN SRV 0 100 464 ipaserver.example.com.
_kpasswd._udp IN SRV 0 100 464 ipaserver.example.com.
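
An added example, not part of the original message or of the guide it quotes: a Python check that a hand-maintained zone fragment carries every SRV and TXT record in the listing above, with the right ports and fully qualified targets. The host name ipa1.unix.mycompany.com, the sample zone and the function names are assumptions made for illustration.

```python
# Added example: validate a zone fragment against the records quoted from the guide.
# Record names are relative to the zone origin, as in the guide's listing.
REQUIRED_SRV = {
    "_ldap._tcp": 389, "_kerberos._tcp": 88, "_kerberos._udp": 88,
    "_kerberos-master._tcp": 88, "_kerberos-master._udp": 88,
    "_kpasswd._tcp": 464, "_kpasswd._udp": 464,
}

def parse_zone(text):
    """Return (srv, txt); srv maps name -> [(priority, weight, port, target)]."""
    srv, txt = {}, {}
    for raw in text.splitlines():
        f = raw.split(";", 1)[0].split()          # drop zone-file comments
        if len(f) >= 7 and f[1].upper() == "IN" and f[2].upper() == "SRV":
            srv.setdefault(f[0], []).append((int(f[3]), int(f[4]), int(f[5]), f[6]))
        elif len(f) >= 4 and f[1].upper() == "IN" and f[2].upper() == "TXT":
            txt[f[0]] = " ".join(f[3:]).strip('"')
    return srv, txt

def check_zone(text, realm):
    """Return a list of problems; an empty list means nothing is missing."""
    srv, txt = parse_zone(text)
    problems = []
    for name, port in REQUIRED_SRV.items():
        records = srv.get(name, [])
        if not records:
            problems.append(f"missing SRV {name}")
        for _prio, _weight, got_port, target in records:
            if got_port != port:
                problems.append(f"{name}: port {got_port}, expected {port}")
            if not target.endswith("."):
                # Without the trailing dot the zone origin is appended to the target.
                problems.append(f"{name}: target {target} is not fully qualified")
    if txt.get("_kerberos") != realm:
        problems.append(f"_kerberos TXT is {txt.get('_kerberos')!r}, expected {realm!r}")
    return problems

# Constructed sample (hypothetical host) with two deliberate mistakes.
SAMPLE = """\
_ldap._tcp            IN SRV 0 100 389 ipa1.unix.mycompany.com.
_kerberos             IN TXT UNIX.MYCOMPANY.COM
_kerberos._tcp        IN SRV 0 100 88  ipa1.unix.mycompany.com.
_kerberos._udp        IN SRV 0 100 88  ipa1.unix.mycompany.com
_kerberos-master._tcp IN SRV 0 100 88  ipa1.unix.mycompany.com.
_kerberos-master._udp IN SRV 0 100 88  ipa1.unix.mycompany.com.
_kpasswd._tcp         IN SRV 0 100 464 ipa1.unix.mycompany.com.
"""

if __name__ == "__main__":
    for problem in check_zone(SAMPLE, "UNIX.MYCOMPANY.COM"):
        print(problem)
```
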