> Okay looking at my servers.... DNS records: Wonderful, thank you. I will go over this and see how to implement. > I saw you post on freeipa-users ... Remaining issue are implementation of DNS records(above), Ubuntu and Mac clients, which I think now Ubunty is about CA installation. Will see. Mac is giving me more trouble and will deal with that later. All others have been resolved. Wiil keep posting solutions. Many thanks, M. ----- Original Message ----- From: "James Hogarth" <james.hogarth@xxxxxxxxx> To: "CentOS mailing list" <centos@xxxxxxxxxx> Sent: Friday, June 14, 2013 1:01:04 AM Subject: Re: IPA Client Install > > > My bad. I probably did a second ipa-clien-install without the proper > --unistall before. > > > I've messed up clients like that before ... Okay looking at my servers.... DNS records: _kerberos TXT REALMNAME (eg EXAMPLE.COM) _kerberos-master._tcp SRV 0 100 88 ipa01 _kerberos-master._udp SRV 0 100 88 ipa01 _kerberos._tcp SRV 0 100 88 ipa01 _kerberos._udp SRV 0 100 88 ipa01 _kpasswd._tcp SRV 0 100 464 ipa01 _kpasswd._udp SRV 0 100 464 ipa01 _ldap._tcp SRV 0 100 389 ipa01 _ntp._udp SRV 0 100 123 ipa01 Those are all the SRV records... My sssd.conf looks like: [domain/example.com] cache_credentials = True krb5_store_password_if_offline = True krb5_realm = EXAMPLE.COM ipa_domain = example.com id_provider = ipa auth_provider = ipa access_provider = ipa chpass_provider = ipa ipa_dyndns_update = True ipa_server = _srv_, ipa01.example.com ldap_tls_cacert = /etc/ipa/ca.crt [sssd] services = nss, pam, ssh config_file_version = 2 domains = example.com [nss] [pam] [sudo] [autofs] [ssh] This has been upgraded over time a bit and so on ... you might want to try out libsss_sudo rather than ldap based sudo in EL6.4 for example (add sudo to services and sss to nsswitch in a sudoers: files sss line for example). Hope that helps out a bit! I saw you post on freeipa-users ... they are a good bunch there and will hopefully sort any remaining issues you have. _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos