On 14.7.2015 14:49, John Stein wrote: > I ran the above commands exactly as I told you on the IPA server. I also > set the IPA server as a global forwarder in the AD. > > On Wed, Jul 8, 2015, 12:50 Petr Spacek <pspa...@redhat.com> wrote: > >> > On 5.7.2015 08:38, John Stein wrote: >>> > > Hi, >>> > > >>> > > I ran these commands in the IdM server >>> > > >>> > > $ ipa dnszone-mod 2.0.192.in-addr.arpa. --update-policy='grant JOHN.COM >>> > > krb5-self * PTR; grant LINUX.JOHN.COM krb5-self * PTR;' >>> > > $ ipa dnszone-mod 2.0.192.in-addr.arpa. --dynamic-update=1 >>> > > >>> > > At the Active Directory I have A and PTR records for the IdM server and >> > it >>> > > is configured as a global forwarder. >>> > > At the IdM server there are A and PTR records for both the IdM server >>> > > and >>> > > another client.
Can you explain what you did, exactly? I do not know what 'I have A and PTR records for the IdM server' exactly means. We need to know exactly what you typed in and where you clicked in AD. The original information is not sufficient, that is why I asking for more details. Petr^2 Spacek >>> > > However this setup does not work. >>> > > From the IdM and linux client every record is resolvable, however from >> > the >>> > > AD only the IdM is resolvable and the client is not. >>> > > >>> > > Maybe there's another thing I need to configure in the AD in order to >>> > > enable forwarding that I'm missing? >> > >> > I'm not sure I understand you. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
