On Tue, 14 Oct 2014, Orkhan Gasimov wrote:
> I tried to avoid setting up a third VM to serve as a DNS server for my
> test scenario. Thought it would be possible to set up working FreeIPA
> client-server interaction with just 2 VMs & correct hostnames &
> /etc/hosts files in them.

Many applications rely on service discovery based on DNS. In particular,
SSSD uses this approach if you don't explicitly set servers for LDAP,
Kerberos, IPA, etc. See sssd-ldap(5), sssd-krb5(5), sssd-ipa(5), section
The mechanism is described in RFC 2782. It becomes even more important
for cases like integration with Active Directory where the AD side relies on
DNS service discovery unconditionally.

IPA has an integrated DNS server, all you needed to do is to run
'ipa-server-install --setup-dns' or 'ipa-dns-install' afterwards.
If you don't want to use the IPA-provided DNS server, at the end of
ipa-server-install a sample DNS zone was generated to show what records
need to be added to your DNS zone.

> Do I correctly understand your idea that it's a MUST to set up a DNS
> server to facilitate FreeIPA client-server interaction? Or there's a
> way to do it with just 2 VMs and no DNS server?

Use the integrated DNS server in the FreeIPA server, this is the supported way of
doing it. FreeIPA will then make it manageable through its tools -- be
it command line interface or web UI.
/ Alexander Bokovoy
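
The RFC 2782 lookup that the reply refers to, as an added example that is not part of the original thread and is not SSSD or FreeIPA code: it parses constructed SRV records and orders the servers the way an RFC 2782 client tries them. The `example.test` zone and the `ipa1` to `ipa3` hostnames are placeholders, and the function names are hypothetical.

```python
import random
from collections import defaultdict

# Constructed sample records; zone name and hostnames are placeholders.
SAMPLE_ZONE = """\
_ldap._tcp.example.test.     86400 IN SRV 0  100 389 ipa1.example.test.
_ldap._tcp.example.test.     86400 IN SRV 0  50  389 ipa2.example.test.
_ldap._tcp.example.test.     86400 IN SRV 10 100 389 ipa3.example.test.
_kerberos._udp.example.test. 86400 IN SRV 0  100 88  ipa1.example.test.
"""

def srv_name(service, proto, domain):
    """Build the RFC 2782 owner name: _Service._Proto.Name."""
    return f"_{service}._{proto}.{domain.rstrip('.')}.".lower()

def parse_srv(zone_text):
    """Return {owner: [(priority, weight, port, target), ...]}."""
    records = defaultdict(list)
    for line in zone_text.splitlines():
        f = line.split()
        if len(f) != 8 or f[2:4] != ["IN", "SRV"]:
            continue  # not a complete SRV line
        records[f[0].lower()].append((int(f[4]), int(f[5]), int(f[6]), f[7]))
    return dict(records)

def order_targets(rrs, rng=random):
    """Order records the way an RFC 2782 client tries them."""
    ordered = []
    for prio in sorted({r[0] for r in rrs}):  # lowest priority value first
        # Weight-0 records go first so they are picked only rarely.
        group = sorted((r for r in rrs if r[0] == prio), key=lambda r: r[1] != 0)
        while group:
            pick = rng.randint(0, sum(r[1] for r in group))
            running = 0
            for i, r in enumerate(group):
                running += r[1]
                if running >= pick:  # first record whose running sum reaches pick
                    ordered.append(group.pop(i))
                    break
    return ordered

def discover(zone_text, service, proto, domain, rng=random):
    """Return [(target, port), ...] in the order a client should try them."""
    rrs = parse_srv(zone_text).get(srv_name(service, proto, domain), [])
    if len(rrs) == 1 and rrs[0][3] == ".":
        return []  # a lone "." target means the service is not offered
    return [(target, port) for _, _, port, target in order_targets(rrs, rng)]

if __name__ == "__main__":
    print(discover(SAMPLE_ZONE, "ldap", "tcp", "example.test"))
```

An empty result is what a client sees when the zone carries no SRV records for the service, which is the situation with only /etc/hosts entries and no DNS server.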