On 04/29/2015 08:38 PM, Aric Wilisch wrote:
Is it possible to setup a Master level FreeIPA domain, then have 3 sub
level domains use it for authentication?
So master server at say ipa.domain.com <http://ipa.domain.com>, then
have a secondary zone that is ipa2.sub1.domain.com
<http://ipa2.sub1.domain.com>.
We have 3 different environments that need to stay separated. We were
going to have them all authenticate to an Active Directory domain but
getting that setup is turning into a real issue. So if possible I
would like to have a master level IPA server, then three sub level IPA
servers that authenticate against it, then have our Windows Terminal
Servers authenticate against it as well if possible.
So if there is documentation on how to set that up I would appreciate
a pointer, I haven't been able to find it yet.
Thanks much!
Regards,
------------------------------------------
Aric Wilisch
awili...@gmail.com <mailto:awili...@gmail.com>
You can have one IPA Kerberos realm spanning several zones but the top
level domain should be the same as the realm otherwise trust would not work.
I think Alexander would have some pointers.
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
