authorMartin Kosek <mkosek@redhat.com>2012-04-04 16:31:04 +0200
committerRob Crittenden <rcritten@redhat.com>2012-04-08 20:35:10 -0400
commit184a066f4abc0ef83434f8cebbec87028258db65 (patch)
tree743ca11fc1b4effb7ebd04511dc477bc79acbc3b /ipaserver/install/krbinstance.py
parentdcea80fc1700aff5a87e3f3bff442e80455243a0 (diff)
Fix installation when server hostname is not in a default domain
When IPA server is configured with DNS and its hostname is not located in a default domain, SRV records are not valid. Additionally, httpd does not serve the XMLRPC interface because the IPA server domain-realm mapping is missing in krb5.conf. All CLI commands were then failing. This patch amends this configuration. It fixes SRV records in the served domain to include the full FQDN instead of a relative hostname when the IPA server hostname is not located in the served domain. The IPA server forward record is also placed in the correct zone. When the IPA server is not in a served domain, a proper domain-realm mapping is configured in krb5.conf. The template was improved in order to be able to hold this information. https://fedorahosted.org/freeipa/ticket/2602
Diffstat (limited to 'ipaserver/install/krbinstance.py')
-rw-r--r--ipaserver/install/krbinstance.py13
1 files changed, 13 insertions, 0 deletions
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
index 02890ac96..f38ae9b42 100644
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -233,6 +233,19 @@ class KrbInstance(service.Service):
SERVER_ID=dsinstance.realm_to_serverid(self.realm),
REALM=self.realm)
+ # IPA server/KDC is not a subdomain of default domain
+ # Proper domain-realm mapping needs to be specified
+ dr_map = ''
+ if not self.fqdn.endswith(self.domain):
+ root_logger.debug("IPA FQDN '%s' is not located in default domain '%s'" \
+ % (self.fqdn, self.domain))
+ server_host, dot, server_domain = self.fqdn.partition('.')
+ root_logger.debug("Domain '%s' needs additional mapping in krb5.conf" \
+ % server_domain)
+ dr_map = " .%(domain)s = %(realm)s\n %(domain)s = %(realm)s\n" \
+ % dict(domain=server_domain, realm=self.realm)
+ self.sub_dict['OTHER_DOMAIN_REALM_MAPS'] = dr_map
+
def __configure_sasl_mappings(self):
# we need to remove any existing SASL mappings in the directory as otherwise they
# they may conflict.
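Review bot: The `self.fqdn.endswith(self.domain)` test is a raw string suffix match rather than a DNS label match, so a host like `ipa.notexample.com` with domain `example.com` (constructed example) is treated as inside the default domain and gets no `domain_realm` entry in krb5.conf. Kerberos clients would then have no explicit realm mapping for that host's domain, which is the failure this commit sets out to fix. Compare on a label boundary instead, e.g. `if not ('.' + self.fqdn).endswith('.' + self.domain):`, and lower-case both sides if they are not already normalized elsewhere, which this hunk does not show. Separately, `self.fqdn.partition('.')` leaves `server_domain` empty when the FQDN has no dot, which would write `. = REALM` and ` = REALM` lines into the template; skip the mapping when `server_domain` is empty. The enclosing method starts outside the hunk.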