[Freeipa-users] Realm distributed across data centers
Simo Sorce
simo at redhat.com
Wed Mar 13 13:38:27 UTC 2013
On Wed, 2013-03-13 at 09:28 -0400, Rob Crittenden wrote:
> Michael ORourke wrote:
> > I think SRV records are only part of the problem. We are using
> > integrated BIND/DNS with our IPA servers and I'm not sure it supports
> > views. But thanks for the suggestion.
> > I guess we could create custom krb5.conf files in each DC and manage them
> > with Puppet, but there are other config files (e.g. resolv.conf and
> > ldap.conf) that would need to be managed too. Maybe there are some
> > other IPA client config files that set up static mappings during the join
> > process. Anyone know which ones to look at?
>
> No, we don't support views yet.
>
> You'd also need a custom sssd.conf as well.
>
> We support this kind of configuration in 3.x. Using multiple --server
> and --fixed-primary options of ipa-client-install you can add multiple,
> hardcoded servers and still have failover. Basically you configure
> things to ignore the SRV records, so you shouldn't have to mess with the
> resolver at all.
Just want to note that we are working on a more manageable solution for
the future:
http://www.freeipa.org/page/V3/DNS_Location_Mechanism
But we are not there yet.
Simo.
--
Simo Sorce * Red Hat, Inc * New York