[Freeipa-users] Setting up FreeIPA with replicas without DNS

rob.harper at stfc.ac.uk rob.harper at stfc.ac.uk
Wed May 28 08:44:19 UTC 2014 

Well, after sending my query I started going back over the FreeIPA documentation again and found information that I should probably be using SRV records in DNS to handle the load balancing.

I will look into this and figure out what I need to request of the site network team.

Apologies for cluttering up your inboxes!

Rob

> -----Original Message-----
> From: rob.harper at stfc.ac.uk [mailto:rob.harper at stfc.ac.uk]
> Sent: 28 May 2014 09:14
> To: freeipa-users at redhat.com
> Subject: [Freeipa-users] Setting up FreeIPA with replicas without DNS
> 
> Hi all,
> 
> I am wanting to set up a FreeIPA domain for controlling a group of machines
> on our network, and want to use replica servers for resilience.  However, I do
> not have control over DNS: our site prefers to use a central DNS service,
> which I can easily request changes in, but I don't have flexibility there.
> 
> I will, at this point, admit to not knowing a great deal about the workings of
> DNS, so if I am asking dumb questions, please feel free to point me at an RFC,
> howto or other documentation so I can get educated.
> 
> So I am trying to work out the best way to set things up.  My initial hunch was
> that I should get A-records set up to provide a DNS round robin for the
> service.  The problem appears to be that if I install FreeIPA on the servers
> using their own hostnames, their host certificates won't match the A-record,
> and if I set up FreeIPA to use the round robin hostname, it just doesn't look
> right to me.
> 
> I hope I have managed to explain my situation appropriately.  I haven't been
> able to find documentation to help me with this (I suspect I just need to
> understand a few different aspects better than I do already), so can
> someone point me in the right direction, please?
> 
> Many thanks,
> Rob
> --
> Scanned by iCritical.
> 
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
-- 
Scanned by iCritical.

More information about the Freeipa-users mailing list