Hi,

Does that mean deleting the NS record on AD and creating an A record instead?

Thanks,
John

On Wed, Jul 15, 2015, 18:28 Petr Spacek <pspa...@redhat.com> wrote:

> On 14.7.2015 15:19, John Stein wrote:
> > Hi,
> >
> > What I meant was that the IPA server is managing two zones:
> >
> > Linux.john.com
> > Which has these records
> > Ipa1 A 192.168.0.140
> > client1 A 192.168.0.11
> >
> > 0.168.192.in-addr.arpa.
> > Which has these records
> > 11 PTR client1.linux.john.com
> > @ NS ipa1.linux.john.com
> >
> > In the AD
> > forward lookup zones
> >> John.com
> >>> linux
> > (Same as parent folder) NS ipa1.linux.john.com
> >
> > Anything more that's unclear?
>
> This is enough.
>
> You have the same 'master' zone configured on IPA and AD, which does not make
> sense from DNS point of view.
>
> You need to move all records to one server and configure 'forward' zone on the
> other server. In AD terminology you need to create 'conditional forwarder'.
>
> Petr^2 Spacek
>
> >
> > Thank you very much!
> > John
> >
> > On Tue, Jul 14, 2015, 15:52 Petr Spacek <pspa...@redhat.com> wrote:
> >
> >> On 14.7.2015 14:49, John Stein wrote:
> >>> I ran the above commands exactly as I told you on the IPA server. I also
> >>> set the IPA server as a global forwarder in the AD.
> >>>
> >>> On Wed, Jul 8, 2015, 12:50 Petr Spacek <pspa...@redhat.com> wrote:
> >>>
> >>>>> On 5.7.2015 08:38, John Stein wrote:
> >>>>>>> Hi,
> >>>>>>>
> >>>>>>> I ran these commands in the IdM server
> >>>>>>>
> >>>>>>> $ ipa dnszone-mod 2.0.192.in-addr.arpa. --update-policy='grant JOHN.COM krb5-self * PTR; grant LINUX.JOHN.COM krb5-self * PTR;'
> >>>>>>> $ ipa dnszone-mod 2.0.192.in-addr.arpa. --dynamic-update=1
> >>>>>>>
> >>>>>>> At the Active Directory I have A and PTR records for the IdM server and it
> >>>>>>> is configured as a global forwarder.
> >>>>>>> At the IdM server there are A and PTR records for both the IdM server and
> >>>>>>> another client.
> >>
> >> Can you explain what you did, exactly? I do not know what 'I have A and PTR
> >> records for the IdM server' exactly means. We need to know exactly what you
> >> typed in and where you clicked in AD.
> >>
> >> The original information is not sufficient, that is why I am asking for more
> >> details.
> >>
> >> Petr^2 Spacek
> >>
> >>>>>>> However this setup does not work.
> >>>>>>> From the IdM and linux client every record is resolvable, however from the
> >>>>>>> AD only the IdM is resolvable and the client is not.
> >>>>>>>
> >>>>>>> Maybe there's another thing I need to configure in the AD in order to
> >>>>>>> enable forwarding that I'm missing?
> >>>>>
> >>>>> I'm not sure I understand you.

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project