-rw-r--r-- | install/share/krb5.conf.template | 2 | ||||
-rw-r--r-- | ipaserver/install/bindinstance.py | 38 | ||||
-rw-r--r-- | ipaserver/install/krbinstance.py | 13 |
3 files changed, 40 insertions, 13 deletions
diff --git a/install/share/krb5.conf.template b/install/share/krb5.conf.template
index 3bdbc9995..eda8ba6fe 100644
--- a/install/share/krb5.conf.template
+++ b/install/share/krb5.conf.template
@@ -22,7 +22,7 @@
 [domain_realm]
 .$DOMAIN = $REALM
 $DOMAIN = $REALM
-
+$OTHER_DOMAIN_REALM_MAPS
 [dbmodules]
 $REALM = {
 db_library = ipadb.so
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index ba8b7b5cc..ce3166122 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -395,7 +395,6 @@ class BindInstance(service.Service):
 self.domain = domain_name
 self.forwarders = forwarders
 self.host = fqdn.split(".")[0]
- self.host_domain = '.'.join(fqdn.split(".")[1:])
 self.suffix = util.realm_to_suffix(self.realm)
 self.ntp = ntp
 self.reverse_zone = reverse_zone
@@ -409,6 +408,21 @@ class BindInstance(service.Service):
 self.__setup_sub_dict()
+ @property
+ def host_domain(self):
+ return '.'.join(self.fqdn.split(".")[1:])
+
+ @property
+ def host_in_rr(self):
+ # when a host is not in a default domain, it needs to be referred
+ # with FQDN and not in a domain-relative host name
+ if not self.host_in_default_domain():
+ return normalize_zone(self.fqdn)
+ return self.host
+
+ def host_in_default_domain(self):
+ return normalize_zone(self.host_domain) == normalize_zone(self.domain)
+
 def create_sample_bind_zone(self):
 bind_txt = ipautil.template_file(ipautil.SHARE_DIR + "bind.zone.db.template", self.sub_dict)
 [bind_fd, bind_name] = tempfile.mkstemp(".db","sample.zone.")
@@ -474,7 +488,7 @@ class BindInstance(service.Service):
 if self.ntp:
 optional_ntp = "\n;ntp server\n"
- optional_ntp += "_ntp._udp\t\tIN SRV 0 100 123\t%s""" % self.host
+ optional_ntp += "_ntp._udp\t\tIN SRV 0 100 123\t%s""" % self.host_in_rr
 else:
 optional_ntp = "" 
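Review bot: `host_in_default_domain()` treats any server whose parent domain is not exactly the DNS domain as foreign, so `ipa.sub.example.com` under `example.com` gets absolute SRV targets and its own zone, while krbinstance.py in this same commit answers the same question with `self.fqdn.endswith(self.domain)`; the two criteria disagree for subdomains (and for case), so DNS and krb5.conf can end up with different views of "in default domain" — one shared predicate, used by both installers, would remove that. `host_in_rr` is only a correct SRV target if `normalize_zone(self.fqdn)` yields an absolute (trailing-dot) name, which is not visible in this hunk; a one-line comment such as `# normalize_zone() must return an absolute name, otherwise BIND re-qualifies the target with the zone origin` would record the assumption. Both new properties also lack docstrings; for example `"""Parent domain of the server FQDN (every label after the first)."""` on `host_domain`. The enclosing class `BindInstance` starts before this hunk.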
@@ -495,7 +509,7 @@ class BindInstance(service.Service):
 self._ldap_mod("dns.ldif", self.sub_dict)
 def __setup_zone(self):
- if self.host_domain != self.domain:
+ if not self.host_in_default_domain():
 # add DNS domain for host first
 root_logger.debug("Host domain (%s) is different from DNS domain (%s)!" \
 % (self.host_domain, self.domain))
@@ -512,14 +526,14 @@ class BindInstance(service.Service):
 def __add_self(self):
 zone = self.domain
 resource_records = (
- ("_ldap._tcp", "SRV", "0 100 389 %s" % self.host),
+ ("_ldap._tcp", "SRV", "0 100 389 %s" % self.host_in_rr),
 ("_kerberos", "TXT", self.realm),
- ("_kerberos._tcp", "SRV", "0 100 88 %s" % self.host),
- ("_kerberos._udp", "SRV", "0 100 88 %s" % self.host),
- ("_kerberos-master._tcp", "SRV", "0 100 88 %s" % self.host),
- ("_kerberos-master._udp", "SRV", "0 100 88 %s" % self.host),
- ("_kpasswd._tcp", "SRV", "0 100 464 %s" % self.host),
- ("_kpasswd._udp", "SRV", "0 100 464 %s" % self.host),
+ ("_kerberos._tcp", "SRV", "0 100 88 %s" % self.host_in_rr),
+ ("_kerberos._udp", "SRV", "0 100 88 %s" % self.host_in_rr),
+ ("_kerberos-master._tcp", "SRV", "0 100 88 %s" % self.host_in_rr),
+ ("_kerberos-master._udp", "SRV", "0 100 88 %s" % self.host_in_rr),
+ ("_kpasswd._tcp", "SRV", "0 100 464 %s" % self.host_in_rr),
+ ("_kpasswd._udp", "SRV", "0 100 464 %s" % self.host_in_rr),
 )
 for (host, type, rdata) in resource_records:
@@ -528,10 +542,10 @@ class BindInstance(service.Service):
 else:
 add_rr(zone, host, type, rdata)
 if self.ntp:
- add_rr(zone, "_ntp._udp", "SRV", "0 100 123 %s" % self.host)
+ add_rr(zone, "_ntp._udp", "SRV", "0 100 123 %s" % self.host_in_rr)
 # Add forward and reverse records to self
- add_fwd_rr(zone, self.host, self.ip_address)
+ add_fwd_rr(self.host_domain, self.host, self.ip_address)
 if self.reverse_zone is not None and dns_zone_exists(self.reverse_zone):
 add_ptr_rr(self.reverse_zone, self.ip_address, self.fqdn) 
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
index 02890ac96..f38ae9b42 100644
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -233,6 +233,19 @@ class KrbInstance(service.Service):
 SERVER_ID=dsinstance.realm_to_serverid(self.realm),
 REALM=self.realm)
+ # IPA server/KDC is not a subdomain of default domain
+ # Proper domain-realm mapping needs to be specified
+ dr_map = ''
+ if not self.fqdn.endswith(self.domain):
+ root_logger.debug("IPA FQDN '%s' is not located in default domain '%s'" \ % (self.fqdn, self.domain))
+ server_host, dot, server_domain = self.fqdn.partition('.')
+ root_logger.debug("Domain '%s' needs additional mapping in krb5.conf" \ % server_domain)
+ dr_map = " .%(domain)s = %(realm)s\n %(domain)s = %(realm)s\n" \ % dict(domain=server_domain, realm=self.realm)
+ self.sub_dict['OTHER_DOMAIN_REALM_MAPS'] = dr_map
+
 def __configure_sasl_mappings(self):
 # we need to remove any existing SASL mappings in the directory as otherwise they
 # they may conflict. |
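Review bot: The in-domain test `if not self.fqdn.endswith(self.domain):` has no label boundary and is case-sensitive, so a server named `ipa.myexample.com` with default domain `example.com` is judged to be inside the domain and gets no extra `[domain_realm]` entry, yet the template's `.example.com = $REALM` does not cover `myexample.com`, leaving the KDC's own hostname unmapped to the realm; conversely an upper-case FQDN would be treated as foreign and receive a duplicate mapping. A boundary-aware, case-folded check such as `if not self.fqdn.lower().endswith('.' + self.domain.lower()):` fixes both, and since bindinstance.py in this commit decides the same question with a different (parent-equals-domain) criterion, a single shared predicate would keep DNS and krb5.conf consistent. `server_host` and `dot` from the `partition('.')` are never used and could be `_`. The enclosing method starts before this hunk, so the earlier `self.sub_dict` assignment it extends is not visible here.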