realmd discovers which domains or realms it can use or configure. It can discover and identify FreeIPA domains by looking up the appropriate DNS SRV records and by connecting to the domain LDAP server.

The following DNS SRV records are required to be present for realmd to identify a provided realm as an Kerberos domain.

# In this example the FreeIPA domain is 'domain.example.com'
_ldap._tcp.domain.example.com.

In addition realmd connects to the LDAP server on the FreeIPA domain server's on port 389 and reads the Root DSE information about the domain.

To see how realmd is discovering a particular domain name, try a command like the following. Using the --verbose argument displays verbose discovery information.

$ realm --verbose discover domain.example.com
 * Resolving: _ldap._tcp.dc._msdcs.domain.example.com
 * Resolving: _ldap._tcp.domain.example.com
 * Performing LDAP DSE lookup on: 192.168.10.22
 * Successfully discovered: domain.example.com
...

In addition a FreeIPA domain server's host name or IP address may be specified.