I have AD trusts configured and working between an IPA server and a
"master" primary domain controller (dc-1) in a forest in one data
center. This allows me to connect with SSH to Linux servers in the
same data center, authenticating with my AD credentials.
I'm trying to test a scenario where I have an IPA server set up in
another data center, and trust is established with an AD domain
controller (dc-2) in that data center.
This domain controller takes dc-1 as its authoritative source.
Ideally, the IPA server will interact with the domain controller
nearest to it (i.e. dc-2); however, from tcpdump, I note the following:
- IPA server communicates with dc-2 first
- dc-2 returns a list of domain controllers in all the data centers;
the IPA server then begins querying the LDAP and Kerberos ports on dc-1,
the domain controller furthest from it.
- Authentication on clients fails.
My question is: Is it possible to get IPA to query and interact only
with the domain controller it initially established trust with?
Thanks in advance,
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project