On 8.1.2013 20:06, Rob Crittenden wrote:
Orion Poplawski wrote:
I'm looking into migrating our 389ds ldap + kerberos to FreeIPA and I'm
wondering how to setup DNS autodiscovery (if possible) in a way to point
to different servers in different locations.

We have two major offices, one that uses the "nwra.com" dnsdomain and
one that uses the "cora.nwra.com" dns subdomain.  We're planning on
using the NWRA.COM domain for IPA/kerberos.  I'd like to have the hosts
is the "cora" office use the local servers instead of the one at the
main office.  Is this possible? While I can have:

_ldap._tcp.cora.nwra.com. SRV 0 0 636 ipa.cora.nwra.com.

If I have:

_kerberos.cora.nwra.com. TXT "NWRA.COM"

it will then automatically look for:

_kerberos._udp.nwra.com. SRV

Which will hold the servers for the other office.

Any suggestions?

We don't have a good solution for region-specific enrollment right now. There
is ticket open, https://fedorahosted.org/freeipa/ticket/2008

In 3.0 we added better capabilities for bypassing discovery using --server and
--fixed-primary in ipa-client-install.

You could use BIND views to return different SRV records to each location, but it will work only if you don't use IPA-integrated DNS (bind-dyndb-ldap). Unfortunately there is no good solution with IPA integrated DNS.

Petr^2 Spacek

Freeipa-users mailing list

Reply via email to