Aaah, for me that is outside of my knowledge.
Regards
Angus
________________________________
From: Todd Grayson via FreeIPA-users <freeipa-users(a)lists.fedorahosted.org>
Sent: Friday, March 6, 2020 11:31:36 PM
To: freeipa-users(a)lists.fedorahosted.org <freeipa-users(a)lists.fedorahosted.org>
Cc: Todd Grayson <tgrayson(a)cloudera.com>
Subject: [Freeipa-users] Re: freeIPA in a complex multi-subnet, multi-domain,
multi-identity provider lab environment
Thanks Rob, Thanks Angus,
I am aware of how to point the client to the specific IPA server, what I'm struggling
more with is freeIPA in an environment where its not using DNS for domain and realm
resolution for kerberos, which does work today.
I should have limited my question to the following:
Is it possible to use ipaClient but manage static mappings in the krb5.conf [realm] and
[domain realm] and run with dns_lookup_kdc=false and dns_lookup_realm=false (including the
krb5.conf on the ipa server itself so its aware of all). The question from Angus makes me
believe that having the dns_lookup* = false is a unsupported context in an IPA
environment.
Thanks for your feedback.
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.fe...
List Guidelines:
https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffedorap...
List Archives:
https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.f...