Hi, What I meant was that the IPA server is managing two zones:
Linux.john.com Which has these records Ipa1 A 192.168.0.140 client1 A 192.168.0.11 0.168.192.in-addr.arpa. Which has these records 11 PTR client1.linux.john.com @ NS ipa1.linux.john.com In the AD forward lookup zones >John.com >>linux (Same as parent folder) NS ipa1.linux.john.com Anything more that's unclear? Thank you very much! John On Tue, Jul 14, 2015, 15:52 Petr Spacek <[email protected]> wrote: > On 14.7.2015 14:49, John Stein wrote: > > I ran the above commands exactly as I told you on the IPA server. I also > > set the IPA server as a global forwarder in the AD. > > > > On Wed, Jul 8, 2015, 12:50 Petr Spacek <[email protected]> wrote: > > > >> > On 5.7.2015 08:38, John Stein wrote: > >>> > > Hi, > >>> > > > >>> > > I ran these commands in the IdM server > >>> > > > >>> > > $ ipa dnszone-mod 2.0.192.in-addr.arpa. --update-policy='grant > JOHN.COM > >>> > > krb5-self * PTR; grant LINUX.JOHN.COM krb5-self * PTR;' > >>> > > $ ipa dnszone-mod 2.0.192.in-addr.arpa. --dynamic-update=1 > >>> > > > >>> > > At the Active Directory I have A and PTR records for the IdM > server and > >> > it > >>> > > is configured as a global forwarder. > >>> > > At the IdM server there are A and PTR records for both the IdM > server and > >>> > > another client. > > Can you explain what you did, exactly? I do not know what 'I have A and PTR > records for the IdM server' exactly means. We need to know exactly what you > typed in and where you clicked in AD. > > The original information is not sufficient, that is why I asking for more > details. > > Petr^2 Spacek > > >>> > > However this setup does not work. > >>> > > From the IdM and linux client every record is resolvable, however > from > >> > the > >>> > > AD only the IdM is resolvable and the client is not. > >>> > > > >>> > > Maybe there's another thing I need to configure in the AD in order > to > >>> > > enable forwarding that I'm missing? > >> > > >> > I'm not sure I understand you. >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
