I have been trying to configure a FreeIPA server for learning purposes and to have centralised access to all my self-hosted services for me and my family/friends. I started with this tutorial where they state that "It is highly recommended that you use your domain name as the Kerberos realm. Using a different naming scheme will cause problems with FreeIPA’s Active Directory integration, and may cause other issues."
However, I haven't been able to find anything on the internet that relates to this issues. In fact, I have seen it configured with different realm/domain here. After reading several other docs, articles, etc I learned a bit what DNS delegation is and the use of --allow-zone-overlap parameter but still a bit confused:
- Can I use --allow-zone-overlap if my delegated servers on my registrar are e.g Cloudflare only or should I also include the freeipa public ip too?
- If using root domain as a zone, do I need to maintain duplicate records both in FreeIPA server and Cloudflare?
So, I decided to configure my FreeIPA server with --realm MYDOMAIN.COM and --domain ipa.mydomain.com (which I imagine it's a private DNS zone?)
By doing this, principal alias now matches my email addresses and servers can communicate and be joined to the directory, both hitting the private IP and the external dns name. Creating new users with rules also seem to work.
I'm a very early stage of configuration/learning, and haven't seen any errors yet but I'm curious about what can I find down the line if I continue using this setup.
Before continuing down the rabbit hole, can someone point me in the right direction, possible mistakes I've made, etc, please?
Thanks!
