On Wed, 27 Jan 2016, Simpson Lachlan wrote:
> At the end of the installation of the ipa-adtrust-install, there is a
> message along the lines of:
>
> Add the following service records to your DNS server for DNS zone
> unix.co.org.au:
>
> _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs
> _ldap._tcp.dc._msdcs
> _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs
> _kerberos._tcp.dc._msdcs
> _kerberos._udp.Default-First-Site-Name._sites.dc._msdcs
> _kerberos._udp.dc._msdcs
>
> Which has, I think, been the cause of all of my grief.
>
> Do these SRV records in AD represent the minimum DNS setup required in
> Active Directory (my setup is a one way trust from FreeIPA to an AD
> over which I have no control, and all DNS is passed up to AD)?

These records are required to exist in the DNS zone of IPA.

> These records are required so that the FreeIPA server can find the AD
> servers?

These records are required so that AD DCs know where to find IPA domain
controllers.

> Also, is it fair to infer that Default-First-Site-Name is in our case co.org.au?

No, this is a literal string, it has to be this way.

--
/ Alexander Bokovoy
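
A check for the point made in the reply above, as an added example that is not part of the original thread: it parses answers in the format printed by `dig +noall +answer` and reports which of the six records are absent from the IPA zone. The function names, the host `ipa1.unix.co.org.au` and the sample answers are constructed; the expected ports are the standard LDAP (389) and Kerberos (88) ports.

```python
# Added example: verify the SRV records listed by ipa-adtrust-install exist in the IPA zone.
REQUIRED = {  # relative owner name -> expected port (LDAP 389, Kerberos 88)
    "_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs": 389,
    "_ldap._tcp.dc._msdcs": 389,
    "_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs": 88,
    "_kerberos._tcp.dc._msdcs": 88,
    "_kerberos._udp.Default-First-Site-Name._sites.dc._msdcs": 88,
    "_kerberos._udp.dc._msdcs": 88,
}

def parse_srv_answers(text):
    """Parse 'dig +noall +answer' style lines into {owner: [(port, target), ...]}."""
    found = {}
    for line in text.splitlines():
        f = line.split()
        # Fields: owner ttl class SRV priority weight port target
        if len(f) != 8 or f[2].upper() != "IN" or f[3].upper() != "SRV":
            continue
        owner = f[0].rstrip(".").lower()  # DNS names compare case-insensitively
        found.setdefault(owner, []).append((int(f[6]), f[7].rstrip(".").lower()))
    return found

def check_adtrust_srv(zone, answers_text):
    """Return {fqdn: problem} for each required record that is missing or has the wrong port."""
    found = parse_srv_answers(answers_text)
    problems = {}
    for rel, port in REQUIRED.items():
        fqdn = f"{rel}.{zone.rstrip('.')}".lower()
        records = found.get(fqdn)
        if not records:
            problems[fqdn] = "missing"
        elif all(p != port for p, _ in records):
            problems[fqdn] = f"wrong port, expected {port}"
    return problems

# Constructed sample: zone from the thread, hypothetical host ipa1. One record is absent and
# one is published under a site name other than the literal Default-First-Site-Name.
SAMPLE = """\
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.unix.co.org.au. 86400 IN SRV 0 100 389 ipa1.unix.co.org.au.
_ldap._tcp.dc._msdcs.unix.co.org.au. 86400 IN SRV 0 100 389 ipa1.unix.co.org.au.
_kerberos._tcp.co.org.au._sites.dc._msdcs.unix.co.org.au. 86400 IN SRV 0 100 88 ipa1.unix.co.org.au.
_kerberos._tcp.dc._msdcs.unix.co.org.au. 86400 IN SRV 0 100 88 ipa1.unix.co.org.au.
_kerberos._udp.Default-First-Site-Name._sites.dc._msdcs.unix.co.org.au. 86400 IN SRV 0 100 88 ipa1.unix.co.org.au.
"""

if __name__ == "__main__":
    for name, problem in check_adtrust_srv("unix.co.org.au", SAMPLE).items():
        print(f"{name}: {problem}")
```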