On 04/29/2015 08:38 PM, Aric Wilisch wrote:
> Is it possible to set up a Master level FreeIPA domain, then have 3 sub
> level domains use it for authentication?

You can have one IPA Kerberos realm spanning several zones but the top
level domain should be the same as the realm, otherwise trust would not work.

> So master server at say ipa.domain.com, then
> have a secondary zone that is ipa2.sub1.domain.com.
> We have 3 different environments that need to stay separated. We were
> going to have them all authenticate to an Active Directory domain but
> getting that set up is turning into a real issue. So if possible I
> would like to have a master level IPA server, then three sub level IPA
> servers that authenticate against it, then have our Windows Terminal
> Servers authenticate against it as well if possible.
> So if there is documentation on how to set that up I would appreciate
> a pointer, I haven't been able to find it yet.

I think Alexander would have some pointers.

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.