[Freeipa-users] Setting up single domain but with dns subdomains

Rob Crittenden rcritten at redhat.com
Tue Jan 8 19:06:05 UTC 2013


Orion Poplawski wrote:
> I'm looking into migrating our 389ds ldap + kerberos to FreeIPA and I'm
> wondering how to set up DNS autodiscovery (if possible) in a way to point
> to different servers in different locations.
>
> We have two major offices, one that uses the "nwra.com" dnsdomain and
> one that uses the "cora.nwra.com" dns subdomain.  We're planning on
> using the NWRA.COM domain for IPA/kerberos.  I'd like to have the hosts
> in the "cora" office use the local servers instead of the one at the
> main office.  Is this possible? While I can have:
>
> _ldap._tcp.cora.nwra.com. SRV 0 0 636 ipa.cora.nwra.com.
>
> If I have:
>
> _kerberos.cora.nwra.com. TXT "NWRA.COM"
>
> it will then automatically look for:
>
> _kerberos._udp.nwra.com. SRV
>
> Which will hold the servers for the other office.
>
> Any suggestions?
>

We don't have a good solution for region-specific enrollment right now.
There is a ticket open: https://fedorahosted.org/freeipa/ticket/2008

In 3.0 we added better capabilities for bypassing discovery using 
--server and --fixed-primary in ipa-client-install.

rob
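
The discovery chain described in the question, and the effect of bypassing it with a fixed server list, modelled as an added example (not part of the original thread and not FreeIPA code). The zone is constructed: the `_ldap` SRV and `_kerberos` TXT records are the ones quoted above, while the KDC target `ipa.nwra.com` and port 88 are assumptions.

```python
"""Model of the Kerberos DNS discovery chain described in the thread."""

# Constructed zone data. The first two records are quoted in the thread;
# the KDC target "ipa.nwra.com." and port 88 are assumptions for illustration.
ZONE = {
    ("_ldap._tcp.cora.nwra.com.", "SRV"): [(0, 0, 636, "ipa.cora.nwra.com.")],
    ("_kerberos.cora.nwra.com.", "TXT"): ["NWRA.COM"],
    ("_kerberos._udp.nwra.com.", "SRV"): [(0, 0, 88, "ipa.nwra.com.")],
}


def lookup(name, rtype, trace):
    """Return records for (name, rtype) from ZONE and log the query."""
    trace.append(f"{name} {rtype}")
    return ZONE.get((name, rtype), [])


def discover_realm(dns_domain, trace):
    """Map a DNS domain to a realm via its _kerberos TXT record."""
    txt = lookup(f"_kerberos.{dns_domain}.", "TXT", trace)
    return txt[0] if txt else None


def discover_kdcs(realm, trace):
    """Find KDCs from the SRV record under the realm's name, not the host's domain."""
    srv = lookup(f"_kerberos._udp.{realm.lower()}.", "SRV", trace)
    # Lowest priority value first; SRV weight handling is omitted in this model.
    return [target.rstrip(".") for _prio, _w, _port, target in sorted(srv)]


def resolve_kdcs(dns_domain, fixed_servers=None):
    """Return (kdc_list, dns_queries). A fixed list skips DNS entirely."""
    trace = []
    if fixed_servers:
        return list(fixed_servers), trace
    realm = discover_realm(dns_domain, trace)
    if realm is None:
        return [], trace
    return discover_kdcs(realm, trace), trace


if __name__ == "__main__":
    for fixed in (None, ["ipa.cora.nwra.com"]):
        kdcs, queries = resolve_kdcs("cora.nwra.com", fixed_servers=fixed)
        print(f"fixed={fixed} -> KDCs {kdcs}, queries {queries}")
```

With discovery, the local `_ldap` SRV record plays no part in KDC selection: the TXT record redirects the lookup to the realm's name, so the "cora" host lands on the main-office entry. The fixed list corresponds to the bypass the reply attributes to `--server` and `--fixed-primary`.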



