Hi,

What I meant was that the IPA server is managing two zones:

Linux.john.com
Which has these records
Ipa1 A 192.168.0.140
client1 A 192.168.0.11

0.168.192.in-addr.arpa.
Which has these records
11 PTR client1.linux.john.com
@ NS ipa1.linux.john.com

In the AD
forward lookup zones
>John.com
>>linux
(Same as parent folder) NS ipa1.linux.john.com

Anything more that's unclear?

Thank you very much!
John

On Tue, Jul 14, 2015, 15:52 Petr Spacek <pspa...@redhat.com> wrote:

> On 14.7.2015 14:49, John Stein wrote:
> > I ran the above commands exactly as I told you on the IPA server. I also
> > set the IPA server as a global forwarder in the AD.
> >
> > On Wed, Jul 8, 2015, 12:50 Petr Spacek <pspa...@redhat.com> wrote:
> >
> >> > On 5.7.2015 08:38, John Stein wrote:
> >>> > > Hi,
> >>> > >
> >>> > > I ran these commands in the IdM server
> >>> > >
> >>> > > $ ipa dnszone-mod 2.0.192.in-addr.arpa. --update-policy='grant
> JOHN.COM
> >>> > > krb5-self * PTR; grant LINUX.JOHN.COM krb5-self * PTR;'
> >>> > > $ ipa dnszone-mod 2.0.192.in-addr.arpa. --dynamic-update=1
> >>> > >
> >>> > > At the Active Directory I have A and PTR records for the IdM
> server and
> >> > it
> >>> > > is configured as a global forwarder.
> >>> > > At the IdM server there are A and PTR records for both the IdM
> server and
> >>> > > another client.
>
> Can you explain what you did, exactly? I do not know what 'I have A and PTR
> records for the IdM server' exactly means. We need to know exactly what you
> typed in and where you clicked in AD.
>
> The original information is not sufficient, that is why I asking for more
> details.
>
> Petr^2 Spacek
>
> >>> > > However this setup does not work.
> >>> > > From the IdM and linux client every record is resolvable, however
> from
> >> > the
> >>> > > AD only the IdM is resolvable and the client is not.
> >>> > >
> >>> > > Maybe there's another thing I need to configure in the AD in order
> to
> >>> > > enable forwarding that I'm missing?
> >> >
> >> > I'm not sure I understand you.
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to