Re: [Freeipa-users] Active Directory slave zone in FreeIPA DNS (Franklin)

2012-09-07 Thread Dmitri Pal
On 08/27/2012 07:53 AM, Petr Spacek wrote:
> Hello,
>
> On 08/23/2012 07:00 AM, Franklin Catoni wrote:
>>  >>Hi,
>> Hello,
>>  >>Is the zone not transferring at all, or is it just the updates that's
>>  >>not transferred to the AD slave server?
>> It's not transferring at all.
>>  >>If the zone is not transferring at all: Did you modify the "Allow
>>  >>transfer" property of the zone ?
>> yes, I change the parameter to allow zone transfers from the AD
>>  >>If the updates is not transferring: I believe automatic increment of the
>>  >>zone serial number will be supported in IPA 3.0. The IPA developers will
>>  >>have to confirm that. However you can manually change the serial number
>>  >>under Zone Settings.
>> Yes, I also read this information but I was hoping there was some other
>> solution to the issue. And I've done manually change the serial number of the
>> zone but without success
>>  >>Hope this helps.
>> Thanks
>>
>>  >>Regards,
>>  >>Siggi
>
> I'm a bit confused, so I tried to summarize your configuration. Please
> correct me if I'm wrong:
>
> zone "ejemplo.com" = hosted on AD server
> zone "ejemplo.gob.ve" = hosted on FreeIPA server
>
> What is your target? Do you want to have both zones on each server?
> I.e. one server will be master for one zone and slave for the other
> zone (at the same time)?
>
> Zone transfers are supported from IPA 3.0. IPA can host only master
> zones, slave zones have to be set in /etc/named.conf manually. There
> is no centralized management of slave zones.
>
>
> Generally, you can test zone-transfers with dig:
>
> slave$ dig @master_IP -t AXFR zone.name
>
> It should print something like:
>
> zone.example.   86400   IN  SOA unused-4-107.brq.redhat.com. nonexistent.zone.example. 1344953446 123 123 666 1
> zone.example.   86400   IN  NS  unused-4-107.brq.redhat.com.
> zone.example.   86400   IN  TXT "zone.example"
> ...
> zone.example.   86400   IN  SOA unused-4-107.brq.redhat.com. nonexistent.zone.example. 1344953446 123 123 666 1
>
> This way you can test ACL and other settings on master.
>
> Does the transfer with dig work for both master servers?
>
> Petr^2 Spacek
>

I can find any updates on this thread.
Has the issue been resolved?

>
>>
>> 2012/8/20
>>
>> Send Freeipa-users mailing list submissions to
>> freeipa-users@redhat.com 
>>
>> To subscribe or unsubscribe via the World Wide Web, visit
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> or, via email, send a message with subject or body 'help' to
>> freeipa-users-requ...@redhat.com
>> 
>>
>> You can reach the person managing the list at
>> freeipa-users-ow...@redhat.com
>> 
>>
>> When replying, please edit your Subject line so it is more specific
>> than "Re: Contents of Freeipa-users digest..."
>>
>>
>> Today's Topics:
>>
>> 1. Re: Active Directory slave zone in FreeIPA DNS (Sigbjorn Lie)
>> 2. Re: sssd client cache timer and merging IPA domains
>>(Rob Crittenden)
>> 3. Re: Question about migration and scripts variables
>>(Rob Crittenden)
>> 4. Specifying load balancing to SSSD clients (Innes, Duncan)
>> 5. Re: Specifying load balancing to SSSD clients (Mark St.
>> Laurent)
>>
>>
>>
>> --
>>
>> Message: 1
>> Date: Sun, 19 Aug 2012 18:23:20 +0200
>> From: Sigbjorn Lie
>> To: freeipa-users@redhat.com
>> Subject: Re: [Freeipa-users] Active Directory slave zone in FreeIPA
>>  DNS
>> Message-ID: <503112f8.8000...@nixtra.com>
>> Content-Type: text/plain; charset="iso-8859-1"; Format="flowed"
>>
>> On 08/19/2012 04:39 PM, Franklin Catoni wrote:
>>  > Greetings community.
>>  >
>>  > I do not speak English so I will do my best.
>>  >
>>  > I have two environments in my company, a domain "ejemplo.com"
>>  > with Windows Active Directory running on Windows
>>  > Server 2003 Enterprise Edition SP2 and domain "ejemplo.gob.ve"
>>  > with FreeIPA v2.2. mounted on Centos 6.3 x64.
>>  >  This is because we are in the middle of a platform migration process
>>  > (a very slow process) from proprietary solutions to open source.
>>  >
>>  > DNS and DHCP service for my two environments is offered by the server
>>  > Centos 6.3 which is mounted FreeIPA directory, clients are Windows
>>  > computers Active Directory domain and linux computers in the domain Ipa.
>>  >
>>  > Currently the zone "ej

Re: [Freeipa-users] Active Directory slave zone in FreeIPA DNS (Franklin)

2012-08-27 Thread Petr Spacek

Hello,

On 08/23/2012 07:00 AM, Franklin Catoni wrote:

 >>Hi,
Hello,
 >>Is the zone not transferring at all, or is it just the updates that's
 >>not transferred to the AD slave server?
It's not transferring at all.
 >>If the zone is not transferring at all: Did you modify the "Allow
 >>transfer" property of the zone ?
yes, I change the parameter to allow zone transfers from the AD
 >>If the updates is not transferring: I believe automatic increment of the
 >>zone serial number will be supported in IPA 3.0. The IPA developers will
 >>have to confirm that. However you can manually change the serial number
 >>under Zone Settings.
Yes, I also read this information but I was hoping there was some other
solution to the issue. And I've done manually change the serial number of the
zone but without success
 >>Hope this helps.
Thanks

 >>Regards,
 >>Siggi


I'm a bit confused, so I tried to summarize your configuration. Please correct 
me if I'm wrong:


zone "ejemplo.com" = hosted on AD server
zone "ejemplo.gob.ve" = hosted on FreeIPA server

What is your target? Do you want to have both zones on each server? I.e. one 
server will be master for one zone and slave for the other zone (at the same 
time)?


Zone transfers are supported from IPA 3.0. IPA can host only master zones, 
slave zones have to be set in /etc/named.conf manually. There is no 
centralized management of slave zones.



Generally, you can test zone-transfers with dig:

slave$ dig @master_IP -t AXFR zone.name

It should print something like:

zone.example.   86400   IN  SOA unused-4-107.brq.redhat.com. nonexistent.zone.example. 1344953446 123 123 666 1
zone.example.   86400   IN  NS  unused-4-107.brq.redhat.com.
zone.example.   86400   IN  TXT "zone.example"
...
zone.example.   86400   IN  SOA unused-4-107.brq.redhat.com. nonexistent.zone.example. 1344953446 123 123 666 1


This way you can test ACL and other settings on master.

Does the transfer with dig work for both master servers?

Petr^2 Spacek




2012/8/20 <freeipa-users-requ...@redhat.com>

Message: 1
Date: Sun, 19 Aug 2012 18:23:20 +0200
From: Sigbjorn Lie <sigbj...@nixtra.com>
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Active Directory slave zone in FreeIPA
 DNS
Message-ID: <503112f8.8000...@nixtra.com>
Content-Type: text/plain; charset="iso-8859-1"; Format="flowed"

On 08/19/2012 04:39 PM, Franklin Catoni wrote:
 > Greetings community.
 >
 > I do not speak English so I will do my best.
 >
 > I have two environments in my company, a domain "ejemplo.com"
 > with Windows Active Directory running on Windows
 > Server 2003 Enterprise Edition SP2 and domain "ejemplo.gob.ve"
 > with FreeIPA v2.2. mounted on Centos 6.3 x64.
 >  This is because we are in the middle of a platform migration process
 > (a very slow process) from proprietary solutions to open source.
 >
 > DNS and DHCP service for my two environments is offered by the server
 > Centos 6.3 which is mounted FreeIPA directory, clients are Windows
 > computers Active Directory domain and linux computers in the domain Ipa.
 >
 > Currently the zone "ejemplo.gob.ve" is
 > administered by the FreeIPA DNS using the plugin
 > (bind-dyndb-ldap.x86_64 v1.1.0) and I configure a slave zone using
 > bind (bind-9.8.2-0.10.rc1.el6_3.2 . x86_64) for the domain
 > "ejemplo.com" Active Directory
 >
 > Name resolution works perfectly for both Linux and Windows clients.
 >
 > Now here comes the

Re: [Freeipa-users] Active Directory slave zone in FreeIPA DNS (Franklin)

2012-08-22 Thread Franklin Catoni
>>Hi,
Hello,
>>Is the zone not transferring at all, or is it just the updates that's
>>not transferred to the AD slave server?
It's not transferring at all.
>>If the zone is not transferring at all: Did you modify the "Allow
>>transfer" property of the zone ?
yes, I change the parameter to allow zone transfers from the AD
>>If the updates is not transferring: I believe automatic increment of the
>>zone serial number will be supported in IPA 3.0. The IPA developers will
>>have to confirm that. However you can manually change the serial number
>>under Zone Settings.
Yes, I also read this information but I was hoping there was some other
solution to the issue. And I've done manually change the serial number of
the zone but without success
>>Hope this helps.
Thanks

>>Regards,
>>Siggi

2012/8/20 

> Message: 1
> Date: Sun, 19 Aug 2012 18:23:20 +0200
> From: Sigbjorn Lie 
> To: freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] Active Directory slave zone in FreeIPA
> DNS
> Message-ID: <503112f8.8000...@nixtra.com>
> Content-Type: text/plain; charset="iso-8859-1"; Format="flowed"
>
> On 08/19/2012 04:39 PM, Franklin Catoni wrote:
> > Greetings community.
> >
> > I do not speak English so I will do my best.
> >
> > I have two environments in my company, a domain "ejemplo.com"
> > with Windows Active Directory running on Windows
> > Server 2003 Enterprise Edition SP2 and domain "ejemplo.gob.ve"
> > with FreeIPA v2.2. mounted on Centos 6.3 x64.
> >  This is because we are in the middle of a platform migration process
> > (a very slow process) from proprietary solutions to open source.
> >
> > DNS and DHCP service for my two environments is offered by the server
> > Centos 6.3 which is mounted FreeIPA directory, clients are Windows
> > computers Active Directory domain and linux computers in the domain Ipa.
> >
> > Currently the zone "ejemplo.gob.ve" is
> > administered by the FreeIPA DNS using the plugin
> > (bind-dyndb-ldap.x86_64 v1.1.0) and I configure a slave zone using
> > bind (bind-9.8.2-0.10.rc1.el6_3.2 . x86_64) for the domain
> > "ejemplo.com" Active Directory
> >
> > Name resolution works perfectly for both Linux and Windows clients.
> >
> > Now here comes the tricky part
> >
> > In order to find a more centralized management of my services, I try
> > to configure a slave zone to Active Directory through FreeIPA with
> > dyndb bind-plugin-ldap and so to eliminate configuration through bind,
> > but the transfers zone does not work, causing this many problems on
> > both platforms.
> >
> > The log shows me the following error:
> >
> > ServidorIPA named[3706]: zone ejemplo.com/IN/local: zone serial (2012081801) unchanged.
> > zone may fail to transfer to slaves
> >
> > I've spent enough time looking at Super Google information that can
> > help me but it has not been easy, because it seems to be a rare
> > situation.
> >
> > I ask. You can set this up under these circumstances?
> > Someone has accomplished?
> > Some information that orient me to get a solution?
> >
> > Thanks for your time.
> >
> Hi,
>
> Is the zone not transferring at all, or is it just the updates that's
> not transferred to the AD slave server?
>
> If the zone is not transferring at all: Did you modify the "Allow
> transfer" property of the zone ?
>
> If the updates is not transferring: I believe automatic increment of the
> zone serial number will be supported in IPA 3.0. The IPA developers will
> have to confirm that. However you can manually change the serial number
> under Zone Settings.
>
> Hope this helps.
>
>
> Regards,
> Siggi
>
> --
>
> Message: 2
> Date: Mon, 20 Aug 2012 08:44:32 -0400
> Fro
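
Added example (not part of the original thread, and not FreeIPA or BIND code): a shell helper that classifies the output of the `dig -t AXFR` test described in the thread and applies the serial-number rule behind the "zone serial unchanged" log line. The sample transfer is constructed, modelled on the output quoted above; the function names and the 192.0.2.1 address are this example's own assumptions.

```shell
#!/bin/sh
# Added example. Usage against a live master (address is a placeholder):
#   dig @192.0.2.1 -t AXFR zone.example | axfr_status

# Constructed sample, modelled on the dig output quoted in the thread.
sample_axfr() {
    cat <<'EOF'
; <<>> DiG <<>> @192.0.2.1 -t AXFR zone.example (constructed sample)
zone.example. 86400 IN SOA ns.zone.example. nonexistent.zone.example. 1344953446 123 123 666 1
zone.example. 86400 IN NS  ns.zone.example.
zone.example. 86400 IN TXT "zone.example"
zone.example. 86400 IN SOA ns.zone.example. nonexistent.zone.example. 1344953446 123 123 666 1
EOF
}

# Read dig AXFR output on stdin and print one of:
#   ok <serial> <records>  first and last record are the same SOA
#   failed                 no records (ACL refusal, unknown zone, timeout)
#   incomplete             records arrived but the closing SOA is missing
axfr_status() {
    awk '
        /^; Transfer failed/ { failed = 1 }
        /^;/ || NF == 0      { next }   # skip dig comments and blank lines
        {
            n++
            if ($4 == "SOA") {
                if (n == 1) first = $7  # field 7 of an SOA line is the serial
                last_soa = $7; last_n = n
            }
        }
        END {
            if (failed || n == 0) { print "failed"; exit }
            if (n > 1 && last_n == n && first != "" && first == last_soa)
                print "ok", first, n
            else
                print "incomplete"
        }'
}

# A slave refreshes only when the master serial is newer (RFC 1982 arithmetic).
# Succeeds when serial $1 (master) is newer than serial $2 (slave copy).
serial_newer() {
    d=$(( ($1 - $2) & 4294967295 ))
    [ "$d" -gt 0 ] && [ "$d" -lt 2147483648 ]
}
```

Running the AXFR check from the intended slave and from a host that should not be in the "Allow transfer" list shows whether the ACL on the master is both working and restrictive: the first should report `ok`, the second `failed`.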