Re: [Freeipa-users] Setting up single domain but with dns subdomains
On 8.1.2013 20:06, Rob Crittenden wrote:
> Orion Poplawski wrote:
>> I'm looking into migrating our 389ds ldap + kerberos to FreeIPA and I'm
>> wondering how to set up DNS autodiscovery (if possible) in a way to point
>> to different servers in different locations.
>>
>> We have two major offices, one that uses the nwra.com dnsdomain and one
>> that uses the cora.nwra.com dns subdomain. We're planning on using the
>> NWRA.COM domain for IPA/kerberos. I'd like to have the hosts in the cora
>> office use the local servers instead of the one at the main office. Is
>> this possible?
>>
>> While I can have:
>>
>> _ldap._tcp.cora.nwra.com. SRV 0 0 636 ipa.cora.nwra.com.
>>
>> If I have:
>>
>> _kerberos.cora.nwra.com. TXT NWRA.COM
>>
>> it will then automatically look for:
>>
>> _kerberos._udp.nwra.com. SRV
>>
>> Which will hold the servers for the other office. Any suggestions?
>
> We don't have a good solution for region-specific enrollment right now.
> There is a ticket open, https://fedorahosted.org/freeipa/ticket/2008
>
> In 3.0 we added better capabilities for bypassing discovery using
> --server and --fixed-primary in ipa-client-install.

You could use BIND views to return different SRV records to each location, but it will work only if you don't use IPA-integrated DNS (bind-dyndb-ldap).

Unfortunately there is no good solution with IPA integrated DNS.

-- 
Petr^2 Spacek

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
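A sketch of the BIND views approach suggested in the reply above, as an added example that is not part of the original thread. The client subnet 192.0.2.0/24, the zone file paths and the main-office server name ipa.nwra.com are assumptions; as the reply notes, this applies only when the zone is served by plain BIND rather than IPA-integrated DNS.

```bind
// named.conf fragment (constructed example; the subnet, the file paths and
// ipa.nwra.com are assumptions, not values from the thread).
// Once any view is defined, every zone must be declared inside a view.

acl "cora-office" { 192.0.2.0/24; };   // assumed client range of the cora office

// Views are tried in order; the first whose match-clients matches wins.
view "cora" {
    match-clients { "cora-office"; };
    zone "nwra.com" {
        type master;
        file "views/cora/nwra.com.zone";
    };
};

view "main" {
    match-clients { any; };            // all clients not matched above
    zone "nwra.com" {
        type master;
        file "views/main/nwra.com.zone";
    };
};

// Both zone files answer the same names; only the SRV targets differ.
// Zone-file syntax is shown here as comments.
//
// views/cora/nwra.com.zone: local server preferred, main office as fallback
//   _kerberos._udp  IN SRV  0 100  88 ipa.cora.nwra.com.
//   _kerberos._udp  IN SRV 10 100  88 ipa.nwra.com.
//   _ldap._tcp      IN SRV  0 100 636 ipa.cora.nwra.com.
//   _ldap._tcp      IN SRV 10 100 636 ipa.nwra.com.
//
// views/main/nwra.com.zone: the reverse preference
//   _kerberos._udp  IN SRV  0 100  88 ipa.nwra.com.
//   _kerberos._udp  IN SRV 10 100  88 ipa.cora.nwra.com.
//   _ldap._tcp      IN SRV  0 100 636 ipa.nwra.com.
//   _ldap._tcp      IN SRV 10 100 636 ipa.cora.nwra.com.
```

A lower SRV priority value is tried first, so each office keeps the other office's server as a fallback instead of losing it entirely.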
[Freeipa-users] Setting up single domain but with dns subdomains
I'm looking into migrating our 389ds ldap + kerberos to FreeIPA and I'm wondering how to set up DNS autodiscovery (if possible) in a way to point to different servers in different locations.

We have two major offices, one that uses the nwra.com dnsdomain and one that uses the cora.nwra.com dns subdomain. We're planning on using the NWRA.COM domain for IPA/kerberos. I'd like to have the hosts in the cora office use the local servers instead of the one at the main office. Is this possible?

While I can have:

_ldap._tcp.cora.nwra.com. SRV 0 0 636 ipa.cora.nwra.com.

If I have:

_kerberos.cora.nwra.com. TXT NWRA.COM

it will then automatically look for:

_kerberos._udp.nwra.com. SRV

Which will hold the servers for the other office. Any suggestions?

-- 
Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA, Boulder Office                  FAX: 303-415-9702
3380 Mitchell Lane                       or...@nwra.com
Boulder, CO 80301                   http://www.nwra.com
Re: [Freeipa-users] Setting up single domain but with dns subdomains
Orion Poplawski wrote:
> I'm looking into migrating our 389ds ldap + kerberos to FreeIPA and I'm
> wondering how to set up DNS autodiscovery (if possible) in a way to point
> to different servers in different locations.
>
> We have two major offices, one that uses the nwra.com dnsdomain and one
> that uses the cora.nwra.com dns subdomain. We're planning on using the
> NWRA.COM domain for IPA/kerberos. I'd like to have the hosts in the cora
> office use the local servers instead of the one at the main office. Is
> this possible?
>
> While I can have:
>
> _ldap._tcp.cora.nwra.com. SRV 0 0 636 ipa.cora.nwra.com.
>
> If I have:
>
> _kerberos.cora.nwra.com. TXT NWRA.COM
>
> it will then automatically look for:
>
> _kerberos._udp.nwra.com. SRV
>
> Which will hold the servers for the other office. Any suggestions?

We don't have a good solution for region-specific enrollment right now. There is a ticket open, https://fedorahosted.org/freeipa/ticket/2008

In 3.0 we added better capabilities for bypassing discovery using --server and --fixed-primary in ipa-client-install.

rob