On 4.5.2015 10:23, Brian Topping wrote: > On second view, I think my brain misfiled this. Maybe the records were > not set up automatically, another DNS domain I thought had the records in > fact do not. > > As a feature request, it seems like if a domain is added to "Domain > Realms", it should also get the appropriate records for client > autodiscovery.
It is actually not necessary to create all the SRV records in all domains. Client auto-discovery is using the TXT record which is added automatically and the _kerberos TXT record is like 'redirect'. The procedure is: - client client1.sub.example.com. searches for record _kerberos.sub.example.com TXT - _kerberos.sub.example.com TXT contains realm name "EXAMPLE.COM" - now the client knows that all the SRV records are inside example.com. domain - SRV records from example.com. are used from now on AFAIK this is very standard Kerberos behavior so it should work for all standard-compliant clients. Petr^2 Spacek > Cheers, Brian > >> On May 4, 2015, at 3:03 PM, Brian Topping <brian.topp...@gmail.com> >> wrote: >> >> I just added a new domain and didn't see the SRV records added for it. >> There is a TXT record, but none of the SRV records that are in other >> DNS domains. >> >> After going to the "Realm Domains tab of the "IPA Server" >> configuration, I see that the new domain was already added there, so I >> removed it and added it back, hoping that might cause the SRV records >> to be added, but no luck. >> >> Any ideas what I should check for? >> >> Thanks, Brian -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project