On 12/14/2017 06:52 PM, Gordon Messmer via FreeIPA-users wrote:
I've set up a replica in an IPA domain, and was surprised that it did not have DNS configured the same way that the first IPA server does.  Of the following options that I specified on the first install, which do I need to provide to a replica in order to get identical functionality, and where is that documented?

    --mkhomedir --setup-dns --forwarder --reverse-zone --allow-zone-overlap --setup-adtrust
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Hi,

A replica does not necessarily provide the same services as the first IPA server (for instance CA or DNS). This is described in Linux Domain Identity, Authentication and Policy Guide, in the section "Deployment considerations for replicas" [1].

If you want to install the replica with DNS, you can find the options for ipa-replica-install in its man page. There is a whole section specific to DNS OPTIONS.

If the replica was installed without DNS but you would like to add the DNS service, it is not required to uninstall and re-run replica installation. The tool ipa-dns-install can be used to add the DNS service, and its options are available in its man page as well.

Same comment applies for configuring the ad trust, the tool ipa-adtrust-install can be run on the replica.

HTH,
Flo

[1] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/replica-considerations
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to