On Tue, 11 Jul 2017, erricg--- via FreeIPA-users wrote:
> We're planning an IdM implementation where we have several data centers
> over a large geographic location. We're following the Red Hat guide:
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/replica-considerations.html
> and are interested in having the "tight cell" replication strategy with
> indirect authentication based on a one-way trust from AD.
>
> What I do not yet understand is multiple servers in different data
> centers with a single trust (realm). That is, do we need to run ipa
> trust-add on multiple servers? Further, would this be on each server in
> the cell, or would it be only for the trust controller?

You do not need to run 'ipa trust-add' multiple times. Trust objects are
in replicated space, so once established, trust details are replicated
to all IPA masters. However, each master needs to be prepared to take
advantage of that information.

You should ensure that each server is at least a trust agent.

The correct documentation for that is
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Windows_Integration_Guide/index.html#trust


_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

--
/ Alexander Bokovoy