Working on a hairy multiple AD Forest integration issue in AWS and would
appreciate a sanity check - I've been wrong so many times about IPA
setup and navigating transitive AD trusts so many times I figured it was
time to ask questions first before falling on my face again, heh.
After reading the documentation we ended up getting a new domain name to
run our IPA server on -- seemed easier than creating and delegating a
subdomain off of the primary AD server.
This is what we have:
AD Forest #1: company-test.org
AD Forest #2: company-aws.org
IPA Server : company-ipa.org
The IPA server at company-ipa.org has successfully created 1-way trusts
to the AD servers for company-test.org and company-aws.org
I'm at the point now where I'm ready to try installing IPA clients and
have a simple sanity check question:
Can I launch a server in AWS with a hostname of "test.company-aws.org"
yet bind it to my IPA server at "ipa.company-ipa.org" so it can manage
users etc. ?
I was thinking of a command like:
# ipa-client-install \
--domain company-aws.org \
--server ipa.company-ipa.org \
Would appreciate a quick sanity check on if this is possible or
supported. The ipa-client-install command is failing ("cant verify that
server is an IPA server ..." ) but I'm not sure if it's because I've got
a config / DNS / port problem or if I'm (once again) trying to do
something stupid with IPA ...
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project