Thanks Alexander for such a nice explanation.
I've a follow-up thing to ask , i understood your point that if i'm using
primary domain and realm as "avtar.test" then .stg.avtar.test and
.testing.stg.avtar.test are two DNS zones nested within avtar.test. and the
integrated DNS in IPA master doe
Hello there. I'm trying to setup squid proxy to use FreeIPA as LDAP backend for user authentication. Everything works fine while using basic authentication. In order to use digest authentication I need users to have an specific password storage scheme (MD5 of user:realm:password combination). Can s
ok, issue was with SELinux:
SELinux is preventing sssd_be from read access on the file /etc/hosts.
* Plugin restorecon (99.5
confidence) suggests
In addition, I see some troubling errors in
/var/log/sssd/sssd_home.mydomain.com.log
like 'cannot resolve' and 'not working'. While I am able to resolve properly my
ipaserver and the domain without problems when doing it manually.
http://freetexthost.com/h2gty4nmun
__
On su, 03 maalis 2019, Vivek Aggarwal via FreeIPA-users wrote:
btw, i've created a new machine with following settings , by abandoning the
".local" TLD
Hostname : testing-infra-01-dal1.testing.stg.avtar.test
realm_name: avtar.test
domain_name: avtar.test
But still getting the same error as bel
Hi,
I've installed ipa-client on my laptop without issues, it did found domain
properly.
kinit connects to ipa but I am unable to su any user or even login:
(root)$ su my_user
su: user my_user does not exist
(root)$ cat /var/log/sssd/sssd_nss.log
(Sun Mar 3 09:54:41 2019) [sssd[nss]] [nss_get
btw, i've created a new machine with following settings , by abandoning the
".local" TLD
Hostname : testing-infra-01-dal1.testing.stg.avtar.test
realm_name: avtar.test
domain_name: avtar.test
But still getting the same error as below
+++
ipapython.dnsutil: ERROR
Thanks John , its means a lot of help.
Just out of curiosity , how you're able to search & share the specific RFC so
quickly, is this something i also should also follow in terms of referring RFC
docs to get clarity ?
Is there any RFC's website/links which you can share & will be of help for me
Your specific issue might not be because the .local TLD, but .local is a
special ‘reserved’ name for multicast DNS. You can use any other (including
fake) TLD that is not registered.
There are some other TLDs that are ’special’, like the one used for reverse-IP
records in APIPA. Best to avoid su
Thanks John,
It would be nice if you can elaborate bit more & share your advise on:-
i) Whats wrong in the current hostname convention as still i dont have clear
understanding what is that which is causing a problem in the current setup? ..
any links/thoughts which can explain this will be of
In that case I don’t know how to help (but someone else might). As per
https://tools.ietf.org/html/rfc6762 .local isn’t supposed to be used the way
you are using it at this time, and it will conflict with pretty much any
standard system. I don’t know how to patch/override that without breaking a
I used to look for the same thing, but it didn’t make sense in the end: IPA
isn’t authoritative on what IP adressen are used, and why. That is where
infrastructure configuration management is for, i.e. your DHCP servers and
tooling used to static configuration (like Salt and Ansible).
John
> O
Yes its inheritance & it was done on purpose to generate TLS certificates as
per hostnames.
Hence kindly suggest how to configure IPA to accommodate this mDNS’s TLD.
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe
Hey Guy's,
I'm looking for an IPAM (IP Address Management) tool that will integrate
with FreeIPA to provide:
1) IP Management
2) Provides DHCP
3) *Integrates well with FreeIPA*
Many of the tools I saw provide conflicting capabilities. Would be
great if the IPAM tool checked FreeIPA to see i
Did you select mDNS’s TLD .local on purpose? Or was this an inheritance.
> On 3 Mar 2019, at 14:49, Vivek Aggarwal via FreeIPA-users
> wrote:
>
> Our current implementation has multiple dots(.) names in the hostname
> ,details mentioned below & we're using below setting while configuring the
Our current implementation has multiple dots(.) names in the hostname ,details
mentioned below & we're using below setting while configuring the IPA/Redhat
IDM server with integrated DNS.
Hostname : testing-infra-01-dal1.testing.stg.avtar.local
realm_name: avtar.local
domain_name: avtar.local
16 matches
Mail list logo
