On 8.1.2013 20:06, Rob Crittenden wrote:
Orion Poplawski wrote:
I'm looking into migrating our 389ds ldap + kerberos to FreeIPA and I'm
wondering how to setup DNS autodiscovery (if possible) in a way to point
to different servers in different locations.
We have two major offices, one that uses the "nwra.com" dnsdomain and
one that uses the "cora.nwra.com" dns subdomain. We're planning on
using the NWRA.COM domain for IPA/kerberos. I'd like to have the hosts
is the "cora" office use the local servers instead of the one at the
main office. Is this possible? While I can have:
_ldap._tcp.cora.nwra.com. SRV 0 0 636 ipa.cora.nwra.com.
If I have:
_kerberos.cora.nwra.com. TXT "NWRA.COM"
it will then automatically look for:
_kerberos._udp.nwra.com. SRV
Which will hold the servers for the other office.
Any suggestions?
We don't have a good solution for region-specific enrollment right now. There
is ticket open, https://fedorahosted.org/freeipa/ticket/2008
In 3.0 we added better capabilities for bypassing discovery using --server and
--fixed-primary in ipa-client-install.
You could use BIND views to return different SRV records to each location, but
it will work only if you don't use IPA-integrated DNS (bind-dyndb-ldap).
Unfortunately there is no good solution with IPA integrated DNS.
--
Petr^2 Spacek
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
