Hi List

I have AD trusts configured and working between an IPA server and a
"master" primary domain controller (dc-1) in a forest in one data
center. This allows me to connect with SSH to linux servers in the
same data-center, authenticating with my AD credentials.

I'm trying to test a scenario where I have an IPA server set up in
another data center, and trust is established with an AD domain
controller (dc-2) in that data-center.
This domain controller takes dc-1 as it's authoritative source.
Ideally, the IPA server will interact with the domain controller
nearest to it (i.e dc-2), however, from tcpdump, I note the following:

- IPA server communicates with dc-2 first
- dc-2 returns a list of domain controllers in all the datacenters,
including dc-1
the IPA server then begins querying ldap and kerberos ports on dc-1,
the domain controller furthest from it.
- Authentication on clients fail

My question is:  Is it possible to get IPA  to query and interact only
with the domain controller it initially established trust with?

Thanks in advance,

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to