I have no idea if this counts as best practice because I am not affiliated with the FreeIPA development team
I personally think SRV records are probably the best idea in this situation. You would have to setup different zones to serve to each datacentre though if you know how to do that. It's not that tricky with views in bind. On 13 March 2013 12:40, Michael ORourke <mrorou...@earthlink.net> wrote: > We have a single realm distributed across 2 data centers and 2 offices > with 4 replicated IPA servers (2 in each data center). We are running IPA > server and client v2.2.0 on all servers and replication appears to be > functioning correctly. What I have noticed is that some servers in DC1, > have no connectivity to the IPA servers in DC2, and when you try connecting > to them from Office1 you sometimes get a long authentication delay. I > suspect this is caused by a timeout waiting for an IPA server in DC2 to > respond (which it can't). So I guess my question is, is there a 'best > practices' approach to this scenario? > > ______________________________**_________________ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/**mailman/listinfo/freeipa-users<https://www.redhat.com/mailman/listinfo/freeipa-users> >
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
