#234 ipa-client-install domain and server discovery
Closed: Fixed None Opened 13 years ago by rcritten.

Passing domain and server arguments to ipa-client-install sets dnsok but if the records aren't actually in DNS then enrollment will fail because the krb5.conf we use for enrollment won't point to a KDC.

Also look at bug https://bugzilla.redhat.com/show_bug.cgi?id=508176


try harder and do the right thing with discovery
freeipa-531-discovery.patch

For testing you'll need your own DNS install either inside or separate from IPA server.

You'll need 2 machines, a server already configured and a client.

There are 3 main scenarios:

  1. No SRV records. You should be able to both type in the domain and server interactively and have it configure the client and be able to pass both in via the command line and have it work.

  2. SRV records in the same domain. This is the typical case. Your domain is example.com and your SRV records sit there. Your client is in the same domain. Auto-discovery should work, you shouldn't have to manually provide domain/server.

  3. SRV records in a different domain, perhaps a subdomain, from the hostname. An example is server domain is ipa.corp.example.com and client is ipa.dhcp.example.com. Auto-discovery should work if you have corp.redhat.com in the search line of /etc/resolv.conf. You can look at /var/log/ipaclient-install.log for a log of the domains that autodiscovery looks at.

If there are SRV records in the domain somewhere then this could hose up IPA server installation. When given --on-master we should not do autodiscovery.

Don't do autodiscovery on master install.
freeipa-540-client.patch

master: 155699acc0f84246dcad2f9121827477c1e920e3

Metadata Update from @rcritten:
- Issue assigned to rcritten
- Issue set to the milestone: FreeIPA 2.0 - 2010/09

7 years ago

Login to comment on this ticket.

Metadata