Re: [Freeipa-users] FreeIPA Master Slave Setup Client Configuration
On 09/27/2013 03:08 PM, Mohan Cheema wrote: -Original Message- From: Martin Kosek [mailto:mko...@redhat.com] Sent: Friday, September 27, 2013 9:22 AM To: Mohan Cheema Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] FreeIPA Master Slave Setup Client Configuration On 09/27/2013 06:45 AM, Mohan Cheema wrote: Hi, We have setup FreeIPA within our environment the setup is master slave. We want to know how we can configure clients to look to slave incase master server is no available to authenticate the user. Regards, ** *Mohan Cheema* FreeIPA replicas are master-master replicas by default. Can you please elaborate how did you create the slave server? About client configuration - can you use autodiscovery with DNS SRV records? (the same as IPA uses for autodiscovery). You would just need to create DNS SRV records for your slave server, with priority lower than the priority of master server. Client should then look at the slave only if the master is not available. HTH, Martin First installed the master server. Than we have used following command on it. ipa-replica-prepare kdc.domain.com Transferred it to second server and ran following command ipa-replica-install /var/lib/ipa/replica-info-kdc.domain.com Ah, ok - this is standard master-master replication in FreeIPA. I.e. when you a modification in any of these servers, it is replicated to the other one too. Haven't really checked if I update the second master is updated. Is is. About client configuration I cannot use the DNS server as the hosting is on Amazon Web Service(AWS) and don't want to add another instance as we are tight budget. Cannot have DNS server on any of the server as this setup is for compliance. Regards, Ok. If you are not using DNS, you could use a fixed list of IPA servers FQDNs when you are installing client. At least SSSD should use the first one as the primary point of contact and connect to the second one only if the first one is down. # ipa-client-install --server first.ipa.server --server second.ipa.server --domain ipa.server --fixed-primary Martin ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] FreeIPA Master Slave Setup Client Configuration
> -Original Message- > From: Martin Kosek [mailto:mko...@redhat.com] > Sent: Friday, September 27, 2013 9:22 AM > To: Mohan Cheema > Cc: freeipa-users@redhat.com > Subject: Re: [Freeipa-users] FreeIPA Master Slave Setup Client > Configuration > > On 09/27/2013 06:45 AM, Mohan Cheema wrote: > > Hi, > > > > We have setup FreeIPA within our environment the setup is master > slave. We want > > to know how we can configure clients to look to slave incase master > server is > > no available to authenticate the user. > > > > Regards, > > > > ** > > > > *Mohan Cheema* > > FreeIPA replicas are master-master replicas by default. Can you please > elaborate how did you create the slave server? > > About client configuration - can you use autodiscovery with DNS SRV > records? > (the same as IPA uses for autodiscovery). You would just need to create > DNS SRV > records for your slave server, with priority lower than the priority of > master > server. Client should then look at the slave only if the master is not > available. > > HTH, > Martin First installed the master server. Than we have used following command on it. ipa-replica-prepare kdc.domain.com Transferred it to second server and ran following command ipa-replica-install /var/lib/ipa/replica-info-kdc.domain.com Haven't really checked if I update the second master is updated. About client configuration I cannot use the DNS server as the hosting is on Amazon Web Service(AWS) and don't want to add another instance as we are tight budget. Cannot have DNS server on any of the server as this setup is for compliance. Regards, ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] FreeIPA Master Slave Setup Client Configuration
On 09/27/2013 06:45 AM, Mohan Cheema wrote: Hi, We have setup FreeIPA within our environment the setup is master slave. We want to know how we can configure clients to look to slave incase master server is no available to authenticate the user. Regards, ** *Mohan Cheema* FreeIPA replicas are master-master replicas by default. Can you please elaborate how did you create the slave server? About client configuration - can you use autodiscovery with DNS SRV records? (the same as IPA uses for autodiscovery). You would just need to create DNS SRV records for your slave server, with priority lower than the priority of master server. Client should then look at the slave only if the master is not available. HTH, Martin ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
