[Freeipa-users] Trust relationship redundancy

William Muriithi william.muriithi at gmail.com
Wed Nov 5 20:21:53 UTC 2014 

‎Peter,
‎ 
Sorry, missed your response earlier.
On 4.11.2014 21:57, William Muriithi wrote:
> Afternoon,
>
> I have two AD and would like to retain that redundancy within IPA after
> establishing trust relationship. How would one achieve that?
>
> I have attempted the following:
>
>
> [root at ipa3-yyz-int ~]# ipa dnszone-add example.local
> --name-server=srvyyzdc02.example.local --name-server=srvyyzdc01.example.local
> --admin-email='systemadmin at example.com' --force --forwarder=10.10.10.90
> --forwarder=10.10.10.91 --forward-policy=only --ip-address=10.10.10.90
> --ip-address=10.10.10.91
> ipa: ERROR: invalid 'idnssoamname': Only one value is allowed
>
> And got the following error above
>

>Hello,

>Could you explain what you are trying to achieve, please?

Was trying to make sure trust remain in place even if we loose one of the master master AD

>What version of FreeIPA do you use?

Version 3.3. Default on centos 7 with all updates applied. Not at office at the moment so can't post rpm precise version 

>Commands 'ipa dnszone-*' manage DNS and are >not strictly related to AD trusts. 
>If you add DNS zone to one IPA server it is >automatically served by all other 
>servers. This applies to master & forward zones >too.

Ah. I see. I misunderstood the documentation then.

So, would ipa know there are two active directories in the network even without being explicit on the configuration? I am guessing through DNS?

If not, what would be needed to clue it of this fact?

>To get full redundancy for *master* zones you >have to add all names of IPA DNS 
>servers to NS records in the zone and also to its >parent zone. (BTW FreeIPA 
>4.1 will manage in-zone NS records automatically for you.)

>For forward zones you don't need to do anything >else. It should just work.

-- 
Petr^2 Spacek

Thanks
William

------------------------------

_______________________________________________
Freeipa-users mailing list
Freeipa-users at redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

End of Freeipa-users Digest, Vol 76, Issue 10
*********************************************

More information about the Freeipa-users mailing list