Re: [Freeipa-users] Free-IPA in an AWS Base Image

2014-02-20 Thread Jan Pazdziora
On Mon, Feb 10, 2014 at 10:02:53PM -0800, Steve Severance wrote:
> I want to create an AWS AMI that when it starts up will register itself
> with a Free-IPA instance. The issue I have run into so far is every
> instance when it starts up uses the original instance's hostname. What do I
> need to do to have free-ipa work in a DHCP environment like this?

Is the AMI supposed to be internal to some organization / domain
or is it supposed to be completely public? I slightly assume the first
because you probably have some particular FreeIPA server instance
hardcoded in the AMI.

Is it acceptable to change the hostname of the instance to be in the
domain managed by the FreeIPA server?

-- 
Jan Pazdziora
Principal Software Engineer, Identity Management Engineering, Red Hat

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


Re: [Freeipa-users] Free-IPA in an AWS Base Image

2014-02-11 Thread Martin Kosek
On 02/11/2014 07:02 AM, Steve Severance wrote:
> I want to create an AWS AMI that when it starts up will register itself
> with a Free-IPA instance. The issue I have run into so far is every
> instance when it starts up uses the original instance's hostname. What do I
> need to do to have free-ipa work in a DHCP environment like this?

That's a good question. AWS is not really a friendly environment for a
Kerberos-based IdM solution, especially the changing hostname part. There are
procedures and workarounds to make it run, but it still has some sharp edges.

You can find the most information in a great blog post by our user [1] or in an
upstream ticket [2] which should improve the situation in the next releases.

Martin

[1] http://cloud-mechanic.blogspot.com/2013/10/diversion-kerberos-freeipa-in-aws-ec2.html
[2] https://fedorahosted.org/freeipa/ticket/3961
