On Fri, 2011-11-04 at 17:07 +0100, tomasz.napier...@allegro.pl wrote: > On 4 lis 2011, at 16:57, Simo Sorce wrote: > > > Not necessarily related to your problem, but in general I would > strongly > > suggest all freeipa users to: > > > > a) use domain names that are longer than a single component > > (for example in your case 'ipa.dc2' instead of just 'dc2') > > > > b) let the kerberos realm exactly match the domain name. > > (In your case let it be 'IPA.DC2') > > > > We do not enforce these rules but not following them can cause you > > additional headaches in some cases. > > > I know that from 1.x deployment. Unfortunately adding another domain > would completely destroy our infrastructure management tools ;) > You seem to be in one of those corner cases for which we decided to not enforce those rule programmatically ...
Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
