Hello,
I've been working with idm ad integration for some time now. But one thing has always confused me.
In all the docs it will tell you to check the dns to see if the dns records resolve.

dig +short -t SRV _kerberos._udp.idm.example.com.
dig +short -t SRV _ldap._tcp.idm.example.com.
dig +short -t TXT _kerberos.idm.example.com.
dig +short -t SRV _ldap._tcp.dc._msdcs.ad.example.com.
dig +short -t SRV _kerberos._udp.dc._msdcs.ad.example.com.

The last one will always fail because by default ms-ad does not generate such a record. However there is always a tcp record.

dig +short -t SRV _kerberos._tcp.dc._msdcs.ad.example.com.

Can freeipa work with the tcp record as well, or is it vital that you create a udp record for freeipa to work properly?
Rob Verduijn
freeipa-users@lists.fedorahosted.org