On 30.6.2016 17:56, Christophe TREFOIS wrote:
> Hi,
> I am getting a bit confused about what is possible / advised to do and how to 
> setup SRV records for our existing setup.
> Currently, it looks like his:
> ipa1.domain.ltd
> ipa2.domain.ltd
> ipa3.domain.ltd
> I believe the installed domain and realm is domain.ltd (we added some other 
> realm domains later on).
> And we use ipa1 for external user access, ipa2 for services, and ipa3 for 
> backup (not accessed directly).
> We now want to create SRV records for this setup.
> How would they look like?
> The problem I have is that domain.ltd is also the university’s AD domain and, 
> according to the docs, it is not recommended to do this, in any fashion.
> Would it be however, feasible, to do this via a FreeIPA-FreeIPA migration?
> Could you please share any piece of information, or dadvice on this?

Unfortunately there is no way to make this work. There will be inevitable
conflicts on DNS and Kerberos level.

Please make sure you fully read

After that the only option is to plan for new FreeIPA installation and
migration. Unfortunately complete FreeIPA-FreeIPA migration is not supported
either so it is mostly manual process (using hand-made scripts for your

Do not hesitate to contact us if you have any questions.

Petr^2 Spacek

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to