Peter,

Sorry, missed your response earlier.

On 4.11.2014 21:57, William Muriithi wrote:
> Afternoon,
>
> I have two AD and would like to retain that redundancy within IPA after
> establishing trust relationship. How would one achieve that?
>
> I have attempted the following:
>
>
> [root@ipa3-yyz-int ~]# ipa dnszone-add example.local
> --name-server=srvyyzdc02.example.local --name-server=srvyyzdc01.example.local
> --admin-email='[email protected]' --force --forwarder=10.10.10.90
> --forwarder=10.10.10.91 --forward-policy=only --ip-address=10.10.10.90
> --ip-address=10.10.10.91
> ipa: ERROR: invalid 'idnssoamname': Only one value is allowed
>
> And got the following error above
>
>Hello,
>Could you explain what you are trying to achieve, please?

Was trying to make sure trust remains in place even if we lose one of the master master AD

>What version of FreeIPA do you use?

Version 3.3. Default on centos 7 with all updates applied. Not at office at the moment so can't post rpm precise version

>Commands 'ipa dnszone-*' manage DNS and are
>not strictly related to AD
>trusts.
>If you add DNS zone to one IPA server it is
>automatically served by all other
>servers. This applies to master & forward zones
>too.

Ah. I see. I misunderstood the documentation then. So, would ipa know there are two active directories in the network even without being explicit on the configuration? I am guessing through DNS? If not, what would be needed to clue it of this fact?

>To get full redundancy for *master* zones you
>have to add all names of IPA
>DNS
>servers to NS records in the zone and also to its
>parent zone. (BTW FreeIPA
>4.1 will manage in-zone NS records automatically for you.)
>For forward zones you don't need to do anything
>else. It should just work.
>
>--
>Petr^2 Spacek

Thanks

William

_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users

End of Freeipa-users Digest, Vol 76, Issue 10
