Re: [389-devel] Setting up 389 DS without DNS


On 07/24/2012 08:51 AM, Chaudhari, Rohit K. wrote:
So just for clarification, is this how I set it up:

create new entries for your VMs with unique MACs and IP addresses
edit /etc/hosts - add entries for your IP addresses and your new hosts - make sure the FQDN is the first name e.g. 192.168.122.2 myhost.mydomain.com myhost

If there is anything simpler or something that I missed just let me know.

No, that's it. That's what I use for doing TLS/SSL testing among virtual machines on the same host system.


Thanks.

-----Original Message-----
From: Rich Megginson [mailto:rmeggins@xxxxxxxxxx]
Sent: Tuesday, July 24, 2012 10:49 AM
To: 389 Directory server developer discussion.
Cc: Chaudhari, Rohit K.
Subject: Re: [389-devel] Setting up 389 DS without DNS

On 07/23/2012 08:58 PM, Chaudhari, Rohit K. wrote:
Thanks everyone for the quick response.  We do need to use TLS for doing LDAP authentication for users to sign in.  So based on the notes below, the lack of DNS will not work.  How can I get TLS and no-DNS to work together?
It does work.  Perhaps it is in violation of some spec somewhere
(link?), but using /etc/hosts or even NIS host maps will work.  DNS is
not a requirement to get it to work.

Thanks.
________________________________________
From: 389-devel-bounces@xxxxxxxxxxxxxxxxxxxxxxx [389-devel-bounces@xxxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Rich Megginson [rmeggins@xxxxxxxxxx]
Sent: Monday, July 23, 2012 8:09 PM
To: 389 Directory server developer discussion.
Subject: Re: [389-devel] Setting up 389 DS without DNS

On 07/23/2012 05:13 PM, Paul Robert Marino wrote:

On Jul 23, 2012 5:15 PM, "Rich Megginson" <rmeggins@xxxxxxxxxx> wrote:
On 07/23/2012 02:46 PM, Chaudhari, Rohit K. wrote:
Hey 389 community,



I had a question.  We want to set up 389-ds on a Red Hat VM without DNS.  I read online that disabling SELinux would allow us to accomplish this.  Is this true or false?
False.  AFAIK it has nothing to do with SELinux.  Where did you read this?


If DNS cannot be disabled, how do we create a dummy DNS so that replication and single sign-on from client to the server can occur?  Do we have to hard-code IP addresses or something else?  Thank you for your time this afternoon.
It depends.  If you are using Fedora/RHEL virtualization, you just have to
virsh net-edit default - create new entries for your VMs with unique MACs and IP addresses
edit /etc/hosts - add entries for your IP addresses and your new hosts - make sure the FQDN is the first name e.g.
192.168.122.2 myhost.mydomain.com myhost

This will only work if you don't intend to use TLS encryption
TLS requires full forward and reverse 'DNS' lookup and won't work properly with entries in the /etc/hosts file per the RFC that defines the TLS standard.

Hmm - I've successfully done this with /etc/hosts files - what exactly is the problem with that?  What specifically requires a DNS lookup and not a getent hosts?

Thanks.



--
389-devel mailing list
389-devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-devel
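
An added example, not part of the thread or of the 389 project: a check of /etc/hosts content for the two things the advice above relies on, namely that the FQDN is the first name on each line (the first name is what a reverse lookup through the hosts file returns) and that each address is used by one host only. The sample file is constructed and the function names are illustrative.

```python
import ipaddress

# Constructed sample; only the myhost.mydomain.com line appears in the thread.
SAMPLE_HOSTS = """\
127.0.0.1   localhost localhost.localdomain
192.168.122.2 myhost.mydomain.com myhost
192.168.122.3 replica replica.mydomain.com   # short name first
192.168.122.4 consumer.mydomain.com consumer
192.168.122.4 hub.mydomain.com hub           # address reused
"""


def parse_hosts(text):
    """Return (lineno, ip, names) for every well-formed entry."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # not an address, ignore the line
        entries.append((lineno, ip, fields[1:]))
    return entries


def check_hosts(text):
    """List entries where forward and reverse lookups would disagree."""
    problems = []
    owner = {}  # address -> canonical name of the first line that uses it
    for lineno, ip, names in parse_hosts(text):
        if ipaddress.ip_address(ip).is_loopback:
            continue
        canonical = names[0].lower()
        if "." not in canonical:
            problems.append((lineno, "first name %r is not an FQDN" % names[0]))
        if ip in owner and owner[ip] != canonical:
            problems.append((lineno, "%s already belongs to %s" % (ip, owner[ip])))
        owner.setdefault(ip, canonical)
    return problems


if __name__ == "__main__":
    for lineno, message in check_hosts(SAMPLE_HOSTS):
        print("line %d: %s" % (lineno, message))
```

On a real host, `getent hosts <address>` and `getent hosts <fqdn>` show what the resolver actually returns for the same entries.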