Thanks for the clarification. Regards 2016-10-20 14:23 GMT-04:00 Alexander Bokovoy <[email protected]>:
> On to, 20 loka 2016, Carlos Raúl Laguna wrote: > >> Hi Alexander, >> I do belive is a DNS problem, the command failing are >> >> host -t srv _ldap._tcp.ad_domain >> or >> dig SRV _ldap._tcp.ad_domain >> after checkig the logs a see this error >> "no valid DS resolving '_ldap._tcp.ad_domain /SRV/IN': 10.20.4.22#53" >> >> so i disable the dnssec validation on IPA and it work as expected, i will >> setup dnssec on the windows side and enable dns validation once more on >> IPA >> to see if can get the same outcome. >> > When you use DNSSEC validation, your DNS infrastructure should all be > using DNSSEC. This does not depend on whether you are deploying trust to > AD or not. > > In fact, when installing FreeIPA server, you have option to disable > DNSSEC validation (ipa-server-install --no-dnssec-validation). The same > option exists in ipa-dns-install. > > -- > / Alexander Bokovoy >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
