On 01/18/2015 03:24 AM, Traiano Welcome wrote:
Hi Dmitri
On Tue, Dec 30, 2014 at 12:17 AM, Dmitri Pal dpal@redhat.com wrote:
On 12/24/2014 01:04 AM, Traiano Welcome wrote:
Hi List
I have a large number of legacy hosts with upper-case host names, that I'd like to configure as IPA clients. However ipa client refuses to accept upper case hostnames during configuration time.
I think this derives from the fact that the kerberos5 database stores host names in a case sensitive way and requires that the DNS hostname matches the server hostname case.
My question is: Is it mandatory that the hostname be lower-cased, or is there a safe workaround that will allow IPA client to work with hosts that have upper case host names ?
Thanks in advance! Traiano
See man sssd-ipa
ipa_hostname (string) Optional. May be set on machines where the hostname(5) does notreflect the fully qualified name used in the IPA domain to identify this host.
AFAIR you use this setting for the cases when you want the actual machine name be different than the one IPA has.
It looks like I would have to add this parameter in the sssd.conf before running the ipa client configuration. In that case, would the configurator not overwrite this parameter ? Or is there some way to provide this option to ipa-client-install initially?
AFAIR then you have to configure it manually. But this question belongs more to SSSD list so I am moving it there.
Also I think the option is to change the name of the host, enroll automatically, then change it back and update the configuration. But I would prefer SSSD gurus to confirm that.
-- Thank you, Dmitri Pal
Sr. Engineering Manager IdM portfolio Red Hat, Inc.
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Thanks in advance, Traiano
On Mon, Jan 19, 2015 at 07:38:54AM -0500, Dmitri Pal wrote:
On 01/18/2015 03:24 AM, Traiano Welcome wrote:
Hi Dmitri
On Tue, Dec 30, 2014 at 12:17 AM, Dmitri Pal dpal@redhat.com wrote:
On 12/24/2014 01:04 AM, Traiano Welcome wrote:
Hi List
I have a large number of legacy hosts with upper-case host names, that I'd like to configure as IPA clients. However ipa client refuses to accept upper case hostnames during configuration time.
I think this derives from the fact that the kerberos5 database stores host names in a case sensitive way and requires that the DNS hostname matches the server hostname case.
My question is: Is it mandatory that the hostname be lower-cased, or is there a safe workaround that will allow IPA client to work with hosts that have upper case host names ?
Thanks in advance! Traiano
See man sssd-ipa
ipa_hostname (string) Optional. May be set on machines where the hostname(5) does notreflect the fully qualified name used in the IPA domain to identify this host.
AFAIR you use this setting for the cases when you want the actual machine name be different than the one IPA has.
It looks like I would have to add this parameter in the sssd.conf before running the ipa client configuration. In that case, would the configurator not overwrite this parameter ? Or is there some way to provide this option to ipa-client-install initially?
AFAIR then you have to configure it manually. But this question belongs more to SSSD list so I am moving it there.
Also I think the option is to change the name of the host, enroll automatically, then change it back and update the configuration. But I would prefer SSSD gurus to confirm that.
Have you tried the --hostname option of ipa-client-install? From the help output:
--hostname=HOSTNAME The hostname of this machine (FQDN). If specified, the hostname will be set and the system configuration will be updated to persist over reboot. By default a nodename result from uname(2) is used.
On 01/19/2015 09:22 AM, Jakub Hrozek wrote:
On Mon, Jan 19, 2015 at 07:38:54AM -0500, Dmitri Pal wrote:
On 01/18/2015 03:24 AM, Traiano Welcome wrote:
Hi Dmitri
On Tue, Dec 30, 2014 at 12:17 AM, Dmitri Pal dpal@redhat.com wrote:
On 12/24/2014 01:04 AM, Traiano Welcome wrote:
Hi List
I have a large number of legacy hosts with upper-case host names, that I'd like to configure as IPA clients. However ipa client refuses to accept upper case hostnames during configuration time.
I think this derives from the fact that the kerberos5 database stores host names in a case sensitive way and requires that the DNS hostname matches the server hostname case.
My question is: Is it mandatory that the hostname be lower-cased, or is there a safe workaround that will allow IPA client to work with hosts that have upper case host names ?
Thanks in advance! Traiano
See man sssd-ipa
ipa_hostname (string) Optional. May be set on machines where the hostname(5) does notreflect the fully qualified name used in the IPA domain to identify this host.
AFAIR you use this setting for the cases when you want the actual machine name be different than the one IPA has.
It looks like I would have to add this parameter in the sssd.conf before running the ipa client configuration. In that case, would the configurator not overwrite this parameter ? Or is there some way to provide this option to ipa-client-install initially?
AFAIR then you have to configure it manually. But this question belongs more to SSSD list so I am moving it there.
Also I think the option is to change the name of the host, enroll automatically, then change it back and update the configuration. But I would prefer SSSD gurus to confirm that.
Have you tried the --hostname option of ipa-client-install? From the help output:
--hostname=HOSTNAME The hostname of this machine (FQDN). If specified, the hostname will be set and the system configuration will be updated to persist over reboot. By default a nodename result from uname(2) is used.
This is not what the person wants. He wants to use short names instead of the FQDNs.
On Mon, Jan 19, 2015 at 10:03:34AM -0500, Dmitri Pal wrote:
On 01/19/2015 09:22 AM, Jakub Hrozek wrote:
On Mon, Jan 19, 2015 at 07:38:54AM -0500, Dmitri Pal wrote:
On 01/18/2015 03:24 AM, Traiano Welcome wrote:
Hi Dmitri
On Tue, Dec 30, 2014 at 12:17 AM, Dmitri Pal dpal@redhat.com wrote:
On 12/24/2014 01:04 AM, Traiano Welcome wrote:
Hi List
I have a large number of legacy hosts with upper-case host names, that I'd like to configure as IPA clients. However ipa client refuses to accept upper case hostnames during configuration time.
I think this derives from the fact that the kerberos5 database stores host names in a case sensitive way and requires that the DNS hostname matches the server hostname case.
My question is: Is it mandatory that the hostname be lower-cased, or is there a safe workaround that will allow IPA client to work with hosts that have upper case host names ?
Thanks in advance! Traiano
See man sssd-ipa
ipa_hostname (string) Optional. May be set on machines where the hostname(5) does notreflect the fully qualified name used in the IPA domain to identify this host.
AFAIR you use this setting for the cases when you want the actual machine name be different than the one IPA has.
It looks like I would have to add this parameter in the sssd.conf before running the ipa client configuration. In that case, would the configurator not overwrite this parameter ? Or is there some way to provide this option to ipa-client-install initially?
AFAIR then you have to configure it manually. But this question belongs more to SSSD list so I am moving it there.
Also I think the option is to change the name of the host, enroll automatically, then change it back and update the configuration. But I would prefer SSSD gurus to confirm that.
Have you tried the --hostname option of ipa-client-install? From the help output:
--hostname=HOSTNAME The hostname of this machine (FQDN). If specified, the hostname will be set and the system configuration will be updated to persist over reboot. By default a nodename result from uname(2) is used.
This is not what the person wants. He wants to use short names instead of the FQDNs.
Ah, I misread the question, then. As Petr Spacek said, I would recommend against it. Even though Kerberos got a lot more forgiving lately in this area.
On 01/19/2015 04:20 PM, Jakub Hrozek wrote:
On Mon, Jan 19, 2015 at 10:03:34AM -0500, Dmitri Pal wrote:
On 01/19/2015 09:22 AM, Jakub Hrozek wrote:
On Mon, Jan 19, 2015 at 07:38:54AM -0500, Dmitri Pal wrote:
On 01/18/2015 03:24 AM, Traiano Welcome wrote:
Hi Dmitri
On Tue, Dec 30, 2014 at 12:17 AM, Dmitri Pal dpal@redhat.com wrote:
On 12/24/2014 01:04 AM, Traiano Welcome wrote: > Hi List > > I have a large number of legacy hosts with upper-case host names, that > I'd like to configure as IPA clients. However ipa client refuses to > accept upper case hostnames during configuration time. > > I think this derives from the fact that the kerberos5 database stores > host names in a case sensitive way and requires that the DNS hostname > matches the server hostname case. > > My question is: Is it mandatory that the hostname be lower-cased, or > is there a safe workaround that will allow IPA client to work with > hosts that have upper case host names ? > > Thanks in advance! > Traiano > See man sssd-ipa
ipa_hostname (string) Optional. May be set on machines where the hostname(5) does notreflect the fully qualified name used in the IPA domain to identify this host.
AFAIR you use this setting for the cases when you want the actual machine name be different than the one IPA has.
It looks like I would have to add this parameter in the sssd.conf before running the ipa client configuration. In that case, would the configurator not overwrite this parameter ? Or is there some way to provide this option to ipa-client-install initially?
AFAIR then you have to configure it manually. But this question belongs more to SSSD list so I am moving it there.
Also I think the option is to change the name of the host, enroll automatically, then change it back and update the configuration. But I would prefer SSSD gurus to confirm that.
Have you tried the --hostname option of ipa-client-install? From the help output:
--hostname=HOSTNAME The hostname of this machine (FQDN). If specified, the hostname will be set and the system configuration will be updated to persist over reboot. By default a nodename result from uname(2) is used.
This is not what the person wants. He wants to use short names instead of the FQDNs.
Ah, I misread the question, then. As Petr Spacek said, I would recommend against it. Even though Kerberos got a lot more forgiving lately in this area.
I know we do not recommend it but I also know it is possible. The question was is it possible in an automated way or only via manual configuration.
sssd-devel@lists.fedorahosted.org
-
Dmitri Pal -
Jakub Hrozek