On 04/29/2015 08:38 PM, Aric Wilisch wrote:
Is it possible to setup a Master level FreeIPA domain, then have 3 sub level domains use it for authentication?

So master server at say ipa.domain.com <http://ipa.domain.com>, then have a secondary zone that is ipa2.sub1.domain.com <http://ipa2.sub1.domain.com>.

We have 3 different environments that need to stay separated. We were going to have them all authenticate to an Active Directory domain but getting that setup is turning into a real issue. So if possible I would like to have a master level IPA server, then three sub level IPA servers that authenticate against it, then have our Windows Terminal Servers authenticate against it as well if possible.

So if there is documentation on how to set that up I would appreciate a pointer, I haven't been able to find it yet.

Thanks much!

Aric Wilisch
awili...@gmail.com <mailto:awili...@gmail.com>

You can have one IPA Kerberos realm spanning several zones but the top level domain should be the same as the realm otherwise trust would not work.
I think Alexander would have some pointers.

Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to