[Freeipa-users] Setting up single domain but with dns subdomains

Petr Spacek pspacek at redhat.com
Wed Jan 9 07:59:02 UTC 2013


On 8.1.2013 20:06, Rob Crittenden wrote:
> Orion Poplawski wrote:
>> I'm looking into migrating our 389ds ldap + kerberos to FreeIPA and I'm
>> wondering how to set up DNS autodiscovery (if possible) in a way to point
>> to different servers in different locations.
>>
>> We have two major offices, one that uses the "nwra.com" dnsdomain and
>> one that uses the "cora.nwra.com" dns subdomain.  We're planning on
>> using the NWRA.COM domain for IPA/kerberos.  I'd like to have the hosts
>> in the "cora" office use the local servers instead of the one at the
>> main office.  Is this possible? While I can have:
>>
>> _ldap._tcp.cora.nwra.com. SRV 0 0 636 ipa.cora.nwra.com.
>>
>> If I have:
>>
>> _kerberos.cora.nwra.com. TXT "NWRA.COM"
>>
>> it will then automatically look for:
>>
>> _kerberos._udp.nwra.com. SRV
>>
>> Which will hold the servers for the other office.
>>
>> Any suggestions?
>>
>
> We don't have a good solution for region-specific enrollment right now. There
> is a ticket open, https://fedorahosted.org/freeipa/ticket/2008
>
> In 3.0 we added better capabilities for bypassing discovery using --server and
> --fixed-primary in ipa-client-install.

You could use BIND views to return different SRV records to each location, but 
it will work only if you don't use IPA-integrated DNS (bind-dyndb-ldap). 
Unfortunately there is no good solution with IPA integrated DNS.

-- 
Petr^2 Spacek
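
The BIND views approach mentioned in the reply above, sketched as an added example that is not part of the original thread and applies only when the zone is served by plain BIND rather than IPA-integrated DNS (bind-dyndb-ldap). The client network 192.0.2.0/24, the main-office host name ipa.nwra.com and the zone file paths are assumptions made for illustration.

```bind
// Added example (constructed): per-location SRV answers using BIND views.
// Assumptions: 192.0.2.0/24 is the "cora" office client network,
// ipa.nwra.com is the main-office server, file paths are placeholders.

acl "cora-clients" { 192.0.2.0/24; };

// Views are checked in order and the first match wins, so the
// specific view comes first and the catch-all view last.
// Once any view exists, every zone must be declared inside a view.
view "cora" {
    match-clients { "cora-clients"; };
    zone "nwra.com" {
        type master;
        file "views/cora/nwra.com.zone";
    };
};

view "main" {
    match-clients { any; };
    zone "nwra.com" {
        type master;
        file "views/main/nwra.com.zone";
    };
};

// views/cora/nwra.com.zone: local server preferred (lower priority
// value), main-office server kept as a fallback.
//   _kerberos._udp.nwra.com. SRV  0 0 88 ipa.cora.nwra.com.
//   _kerberos._udp.nwra.com. SRV 10 0 88 ipa.nwra.com.
//
// views/main/nwra.com.zone: the reverse preference.
//   _kerberos._udp.nwra.com. SRV  0 0 88 ipa.nwra.com.
//   _kerberos._udp.nwra.com. SRV 10 0 88 ipa.cora.nwra.com.
```

Each view needs its own complete copy of the zone, so every record that is not location-specific has to be kept identical in both files.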



