On 30.6.2016 17:56, Christophe TREFOIS wrote:
> Hi,
>
> I am getting a bit confused about what is possible / advised to do and how to
> set up SRV records for our existing setup.
>
> Currently, it looks like this:
>
> ipa1.domain.ltd
> ipa2.domain.ltd
> ipa3.domain.ltd
>
> I believe the installed domain and realm is domain.ltd (we added some other
> realm domains later on).
>
> And we use ipa1 for external user access, ipa2 for services, and ipa3 for
> backup (not accessed directly).
>
> We now want to create SRV records for this setup.
>
> What would they look like?
>
> The problem I have is that domain.ltd is also the university’s AD domain and,
> according to the docs, it is not recommended to do this, in any fashion.
>
> Would it, however, be feasible to do this via a FreeIPA-FreeIPA migration?
>
> Could you please share any piece of information, or advice on this?

Unfortunately there is no way to make this work. There will be inevitable conflicts at the DNS and Kerberos level.

Please make sure you fully read
http://www.freeipa.org/page/Deployment_Recommendations
and
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/installing-ipa.html#server-prereqs

After that, the only option is to plan for a new FreeIPA installation and migration. Unfortunately, complete FreeIPA-FreeIPA migration is not supported either, so it is a mostly manual process (using hand-made scripts for your deployment).

Do not hesitate to contact us if you have any questions.

-- 
Petr^2 Spacek