Re: [Freeipa-users] Do clients have to be in teh same DNS zone / FQDN as the IPA servers / Kerberos Realm?
but Im getting hammered by my management for instant answers...they asked last night and expect an answer this morning.and I'm expected to catch up and deploy several important solutions/projects all hinging on IPA ASAP... 2.2 isnt in RHEL6.3 though? Are you using fedora, centos or rhel? The last bit implies rhel but then you seem to desire an SLA and a response on the upstream users' mailing list Although there are a large number of people here using IPA along with redhat developers might I suggest for a critical thing where you need an answer within 24 hours you are better off following the standard support channels of your RHEL contract? If you don't have a support contract now could be a good time to explain to management that if they require quick answers then they need to pay for them... if they do things on the cheap then they require patience... ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Do clients have to be in teh same DNS zone / FQDN as the IPA servers / Kerberos Realm?
I assume with no reply, now one knows? regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of Steven Jones [steven.jo...@vuw.ac.nz] Sent: Wednesday, 20 June 2012 2:17 p.m. To: freeipa-users@redhat.com Subject: [Freeipa-users] Do clients have to be in teh same DNS zone / FQDN as the IPA servers / Kerberos Realm? My IPA servers are say ipa1 and 2.ipa.example.com I have existing linux servers that I would rather not change the FQDN on, say server1.example.com Do I actually have to make the client server1.ipa.example.com or can I leave it as is at server1.example.com? Would that give any IPA problems? or is it just poor practice? regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Do clients have to be in teh same DNS zone / FQDN as the IPA servers / Kerberos Realm?
Steven Jones wrote: I assume with no reply, now one knows? That's not really fair, it hasn't even been 24 hours. My IPA servers are say ipa1 and 2.ipa.example.com I have existing linux servers that I would rather not change the FQDN on, say server1.example.com Do I actually have to make the client server1.ipa.example.com or can I leave it as is at server1.example.com? Would that give any IPA problems? or is it just poor practice? Yes, you should be able to enroll server1.example.com into the ipa.example.com realm. You'll need a v2.2+ client for this to work. A patch was added (contributed by a user, actually) that will add a domain mapping to krb5.conf so this should work. rob ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Do clients have to be in teh same DNS zone / FQDN as the IPA servers / Kerberos Realm?
Hi, Sorry. but Im getting hammered by my management for instant answers...they asked last night and expect an answer this morning.and I'm expected to catch up and deploy several important solutions/projects all hinging on IPA ASAP... 2.2 isnt in RHEL6.3 though? Anyway I will leave it longer, but Qs seem to drop off the list pretty quickly... regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 From: Rob Crittenden [rcrit...@redhat.com] Sent: Thursday, 21 June 2012 8:31 a.m. To: Steven Jones Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] Do clients have to be in teh same DNS zone / FQDN as the IPA servers / Kerberos Realm? Steven Jones wrote: I assume with no reply, now one knows? That's not really fair, it hasn't even been 24 hours. My IPA servers are say ipa1 and 2.ipa.example.com I have existing linux servers that I would rather not change the FQDN on, say server1.example.com Do I actually have to make the client server1.ipa.example.com or can I leave it as is at server1.example.com? Would that give any IPA problems? or is it just poor practice? Yes, you should be able to enroll server1.example.com into the ipa.example.com realm. You'll need a v2.2+ client for this to work. A patch was added (contributed by a user, actually) that will add a domain mapping to krb5.conf so this should work. rob ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users