FreeIPA: Use Red Hat Enterprise Linux documentation:

Will I be able to get help here installing FreeIPA using the RHEL documentation? Because it's stated:

Upstream user guide is not maintained anymore as all effort is put into the Red Hat Enterprise Linux documentation. Bugs found in the documentation can be reported in Red Hat Bugzilla

and will the same instructions work on Rocky?

The information provided for FreeIPA in the Red Hat documentation will apply to Rocky Linux.


CHAPTER 5. INSTALLING AN IDM SERVER: WITHOUT INTEGRATED DNS, WITH AN INTEGRATED CA AS THE ROOT CA

I want to use pfSense DNS Resolver, but RHEL states,

NOTE
Red Hat strongly recommends installing IdM-integrated DNS for basic usage within the IdM deployment: When the IdM server also manages DNS, there is tight integration between DNS and native IdM tools which enables automating some of the DNS record management.

I will not be deploying any servers outside my intranet, so will I still need to follow this recommendation?

It doesn’t matter that you’re not going to have servers outside of your network. The assumption is that everything is internal anyway when you deploy a FreeIPA domain (similar to deploying an AD domain). Ultimately what matters is how all the components within FreeIPA work seamlessly together. This is why it’s recommended to use the integrated DNS.

I would highly recommend reading these pages:

https://www.freeipa.org/page/Deployment_Recommendations#DNS

https://www.freeipa.org/page/DNS

Long story short: If you decide to not use the internal DNS and opt to use another DNS server in its place, you will need to manage it yourself, including all the records as you make changes to your network and topology. Note that unbound (the default DNS resolver in pfSense) is not a replacement for bind.

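To make "manage all the records yourself" concrete, here is an added example (written for this page, not code from the thread or from the FreeIPA project) that emits, in BIND zone-file syntax, the discovery records a FreeIPA client looks up: the `_kerberos` TXT record naming the realm, the SRV records for Kerberos, Kerberos master, kpasswd and LDAP, and the `ipa-ca` A record. These are the records IdM's integrated DNS creates and keeps current on its own; with an external resolver they have to be created and updated by hand. The domain `ipa.example.test`, realm `IPA.EXAMPLE.TEST`, server `ipa1.ipa.example.test` and address `192.0.2.10` are constructed placeholders. The second function queries those names with `dig` (from bind-utils) against whatever resolver the host uses and reports any that are unanswered, which is the check to run before pointing clients at a non-IdM DNS server.

```shell
#!/bin/sh
# Added example, not from the thread or the FreeIPA project.
# Assumes a hypothetical deployment: domain ipa.example.test,
# realm IPA.EXAMPLE.TEST, one server ipa1.ipa.example.test at 192.0.2.10.

# ipa_dns_records DOMAIN REALM SERVER_FQDN SERVER_IP
# Print the zone-file lines for the discovery records FreeIPA clients use.
# When DNS is managed outside IdM, these lines (one SRV set per IdM server)
# must be maintained by hand in the external zone.
ipa_dns_records() {
  domain=$1; realm=$2; server=$3; ip=$4
  # Realm name for Kerberos DNS lookups (_kerberos TXT)
  printf '_kerberos.%s.\t\tIN TXT "%s"\n' "$domain" "$realm"
  # KDC, master KDC and password-change service over TCP and UDP
  for proto in _tcp _udp; do
    printf '_kerberos.%s.%s.\tIN SRV 0 100 88 %s.\n' "$proto" "$domain" "$server"
    printf '_kerberos-master.%s.%s.\tIN SRV 0 100 88 %s.\n' "$proto" "$domain" "$server"
    printf '_kpasswd.%s.%s.\tIN SRV 0 100 464 %s.\n' "$proto" "$domain" "$server"
  done
  # LDAP directory used by SSSD and the ipa tools
  printf '_ldap._tcp.%s.\t\tIN SRV 0 100 389 %s.\n' "$domain" "$server"
  # ipa-ca: address of every CA-capable server (certificate/CRL/OCSP clients)
  printf 'ipa-ca.%s.\t\tIN A %s\n' "$domain" "$ip"
}

# ipa_dns_check DOMAIN
# Ask the host's resolver for each discovery name and report the missing ones.
# Returns the number of missing records (0 means the external DNS is complete).
ipa_dns_check() {
  domain=$1; missing=0
  for name in _kerberos._tcp _kerberos._udp _kerberos-master._tcp \
              _kerberos-master._udp _kpasswd._tcp _kpasswd._udp _ldap._tcp; do
    if [ -z "$(dig +short SRV "$name.$domain")" ]; then
      echo "MISSING SRV $name.$domain"
      missing=$((missing + 1))
    fi
  done
  if [ -z "$(dig +short TXT "_kerberos.$domain")" ]; then
    echo "MISSING TXT _kerberos.$domain"
    missing=$((missing + 1))
  fi
  return "$missing"
}

# Print the records for the constructed example deployment.
ipa_dns_records ipa.example.test IPA.EXAMPLE.TEST ipa1.ipa.example.test 192.0.2.10
```

Paste the printed lines into the external zone (adjusting the names to your own domain) and run `ipa_dns_check your.domain` from a would-be client; every `MISSING` line is a record the integrated DNS would have created for you. For more than one IdM server, repeat the SRV lines per server and add one `ipa-ca` A record per CA-capable server.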

I see, and I don't want all that headache, so I will go with the recommendation.

FreeIPA should always have its own primary domain, e.g. example.com or ipa.example.com, which should not be shared with another Kerberos-based identity management system, as otherwise there will be collisions at the Kerberos system level. For example, if both FreeIPA and Active Directory use the same domain, trusts will never be possible, nor will automatic client-server discovery via DNS SRV records.

With this being said, I have no plans in my intranet of using any type of Windows AD, but I want to make sure in regards to pfSense. I have the domain name set to kbbn-7.com and it's not registered as an Internet domain. Will this cause a collision when using it with FreeIPA, or do I have to use another name?