On Mon, Jan 19, 2015 at 07:38:54AM -0500, Dmitri Pal wrote: > On 01/18/2015 03:24 AM, Traiano Welcome wrote: >> Hi Dmitri >> >> >> On Tue, Dec 30, 2014 at 12:17 AM, Dmitri Pal <dpal(a)redhat.com&gt; wrote: >>> On 12/24/2014 01:04 AM, Traiano Welcome wrote: >>>> Hi List >>>> >>>> I have a large number of legacy hosts with upper-case host names, that >>>> I'd like to configure as IPA clients. However ipa client refuses to >>>> accept upper case hostnames during configuration time. >>>> >>>> I think this derives from the fact that the kerberos5 database stores >>>> host names in a case sensitive way and requires that the DNS hostname >>>> matches the server hostname case. >>>> >>>> My question is: Is it mandatory that the hostname be lower-cased, or >>>> is there a safe workaround that will allow IPA client to work with >>>> hosts that have upper case host names ? >>>> >>>> Thanks in advance! >>>> Traiano >>>> >>> See man sssd-ipa >>> >>> ipa_hostname (string) >>> Optional. May be set on machines where the hostname(5) does not >>> reflect the fully qualified name used in the IPA domain to identify this >>> host. >>> >>> AFAIR you use this setting for the cases when you want the actual machine >>> name be different than the one IPA has. >> >> It looks like I would have to add this parameter in the sssd.conf >> before running the ipa client configuration. In that case, would the >> configurator not overwrite this parameter ? >> Or is there some way to provide this option to ipa-client-install initially? > AFAIR then you have to configure it manually. > But this question belongs more to SSSD list so I am moving it there. > > Also I think the option is to change the name of the host, enroll > automatically, then change it back and update the configuration. > But I would prefer SSSD gurus to confirm that. Have you tried the --hostname option of ipa-client-install? From the help output: --hostname=HOSTNAME The hostname of this machine (FQDN). If specified, the hostname will be set and the system configuration will be updated to persist over reboot. By default a nodename result from uname(2) is used.

On Mon, Jan 19, 2015 at 10:03:34AM -0500, Dmitri Pal wrote: > On 01/19/2015 09:22 AM, Jakub Hrozek wrote: >> On Mon, Jan 19, 2015 at 07:38:54AM -0500, Dmitri Pal wrote: >>> On 01/18/2015 03:24 AM, Traiano Welcome wrote: >>>> Hi Dmitri >>>> >>>> >>>> On Tue, Dec 30, 2014 at 12:17 AM, Dmitri Pal <dpal(a)redhat.com&gt; wrote: >>>>> On 12/24/2014 01:04 AM, Traiano Welcome wrote: >>>>>> Hi List >>>>>> >>>>>> I have a large number of legacy hosts with upper-case host names, that >>>>>> I'd like to configure as IPA clients. However ipa client refuses to >>>>>> accept upper case hostnames during configuration time. >>>>>> >>>>>> I think this derives from the fact that the kerberos5 database stores >>>>>> host names in a case sensitive way and requires that the DNS hostname >>>>>> matches the server hostname case. >>>>>> >>>>>> My question is: Is it mandatory that the hostname be lower-cased, or >>>>>> is there a safe workaround that will allow IPA client to work with >>>>>> hosts that have upper case host names ? >>>>>> >>>>>> Thanks in advance! >>>>>> Traiano >>>>>> >>>>> See man sssd-ipa >>>>> >>>>> ipa_hostname (string) >>>>> Optional. May be set on machines where the hostname(5) does not >>>>> reflect the fully qualified name used in the IPA domain to identify this >>>>> host. >>>>> >>>>> AFAIR you use this setting for the cases when you want the actual machine >>>>> name be different than the one IPA has. >>>> It looks like I would have to add this parameter in the sssd.conf >>>> before running the ipa client configuration. In that case, would the >>>> configurator not overwrite this parameter ? >>>> Or is there some way to provide this option to ipa-client-install initially? >>> AFAIR then you have to configure it manually. >>> But this question belongs more to SSSD list so I am moving it there. >>> >>> Also I think the option is to change the name of the host, enroll >>> automatically, then change it back and update the configuration. >>> But I would prefer SSSD gurus to confirm that. >> Have you tried the --hostname option of ipa-client-install? From the >> help output: >> >> --hostname=HOSTNAME >> The hostname of this machine (FQDN). If specified, the >> hostname will be set and the system configuration will >> be updated to persist over reboot. By default a >> nodename result from uname(2) is used. > This is not what the person wants. > He wants to use short names instead of the FQDNs. Ah, I misread the question, then. As Petr Spacek said, I would recommend against it. Even though Kerberos got a lot more forgiving lately in this area.