Re: [Freeipa-users] ntp and srv records
On 21.8.2014 06:17, Les Stott wrote: Hi All, Am about to start rolling out clinet installs on rhel6 hosts with dns autodiscovery. Enviroment: rhel6, ipa-3.0.0-37.el6. I already have setup SRV records for Kerberos and ldap etc. Are the following ntp records as SRV records necessary also? Technically not but they are highly recommended (assuming that your IPA servers are running a NTP server). ;ntp server _ntp._udp IN SRV 0 100 123ntp1.mydomain.com. _ntp._udp IN SRV 0 100 123ntp2.mydomain.com. I've seen some guides that don't reference them, others that do. I don't see any adverse effects on the two freeipa servers (master + replica) that are currently running without the ntp srv records. The adverse effect will probably manifest on client side. Things (Kerberos :-) will break if time on client is too far away from time on server. -- Petr^2 Spacek -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] ntp and srv records
We have ntp setup on two servers and configured normally via /etc/ntp* etc. All clients and servers reference the same ntp servers, and all would be on the same time. This doesn't require ntp SRV records. So I personally don't thing ntp srv records are necessary and can't see an issue. But wanted to check to be sure Les -Original Message- From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Petr Spacek Sent: Thursday, 21 August 2014 4:52 PM To: freeipa-users@redhat.com Subject: Re: [Freeipa-users] ntp and srv records On 21.8.2014 06:17, Les Stott wrote: Hi All, Am about to start rolling out clinet installs on rhel6 hosts with dns autodiscovery. Enviroment: rhel6, ipa-3.0.0-37.el6. I already have setup SRV records for Kerberos and ldap etc. Are the following ntp records as SRV records necessary also? Technically not but they are highly recommended (assuming that your IPA servers are running a NTP server). ;ntp server _ntp._udp IN SRV 0 100 123ntp1.mydomain.com. _ntp._udp IN SRV 0 100 123ntp2.mydomain.com. I've seen some guides that don't reference them, others that do. I don't see any adverse effects on the two freeipa servers (master + replica) that are currently running without the ntp srv records. The adverse effect will probably manifest on client side. Things (Kerberos :-) will break if time on client is too far away from time on server. -- Petr^2 Spacek -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] ntp and srv records
On 08/21/2014 12:17 AM, Les Stott wrote: Hi All, Am about to start rolling out clinet installs on rhel6 hosts with dns autodiscovery. Enviroment: rhel6, ipa-3.0.0-37.el6. I already have setup SRV records for Kerberos and ldap etc. Are the following ntp records as SRV records necessary also? ;ntp server _ntp._udp IN SRV 0 100 123ntp1.mydomain.com. _ntp._udp IN SRV 0 100 123ntp2.mydomain.com. I’ve seen some guides that don’t reference them, others that do. I don’t see any adverse effects on the two freeipa servers (master + replica) that are currently running without the ntp srv records. Thanks in advance, Regards, Les *ipa-client-install* and *ipa-server-install* use them to sync time before they proceed to crypto operations, but they're not strictly required, especially if time is already in sync. If the records are not available they attempt to sync directly with the IPA server, failing that they will throw a warning and continue. Microsoft has also been adding support for them to a lot of their AD-connected mobile software, but I think they too use it as a convenience, not a requirement. -- - *question everything*learn something*answer nothing* Lucas Yamanishi -- Systems Administrator, ADNET Systems, Inc. NASA Space and Earth Science Data Analysis (606.9) 7515 Mission Drive, Suite A100 Lanham, MD 20706 * 301-352-4646 * 0xD354B2CB -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
[Freeipa-users] ntp and srv records
Hi All, Am about to start rolling out clinet installs on rhel6 hosts with dns autodiscovery. Enviroment: rhel6, ipa-3.0.0-37.el6. I already have setup SRV records for Kerberos and ldap etc. Are the following ntp records as SRV records necessary also? ;ntp server _ntp._udp IN SRV 0 100 123ntp1.mydomain.com. _ntp._udp IN SRV 0 100 123ntp2.mydomain.com. I've seen some guides that don't reference them, others that do. I don't see any adverse effects on the two freeipa servers (master + replica) that are currently running without the ntp srv records. Thanks in advance, Regards, Les -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project