[Freeipa-users] Trust relationship redundancy
william.muriithi at gmail.com
Wed Nov 5 20:21:53 UTC 2014
Sorry, missed your response earlier.
On 4.11.2014 21:57, William Muriithi wrote:
> I have two AD and would like to retain that redundancy within IPA after
> establishing trust relationship. How would one achieve that?
> I have attempted the following:
> [root at ipa3-yyz-int ~]# ipa dnszone-add example.local
> --name-server=srvyyzdc02.example.local --name-server=srvyyzdc01.example.local
> --admin-email='systemadmin at example.com' --force --forwarder=10.10.10.90
> --forwarder=10.10.10.91 --forward-policy=only --ip-address=10.10.10.90
> ipa: ERROR: invalid 'idnssoamname': Only one value is allowed
> And got the following error above
> Could you explain what you are trying to achieve, please?
I was trying to make sure the trust remains in place even if we lose one of the master master AD.
> What version of FreeIPA do you use?
Version 3.3. Default on CentOS 7 with all updates applied. Not at the office at the moment, so I can't post the precise rpm version.
> Commands 'ipa dnszone-*' manage DNS and are not strictly related to AD trusts.
> If you add DNS zone to one IPA server it is automatically served by all other
> servers. This applies to master & forward zones too.
Ah. I see. I misunderstood the documentation then.
So, would IPA know there are two Active Directory servers in the network even without being explicit in the configuration? I am guessing through DNS?
If not, what would be needed to clue it in to this fact?
> To get full redundancy for *master* zones you have to add all names of IPA DNS
> servers to NS records in the zone and also to its parent zone. (BTW FreeIPA
> 4.1 will manage in-zone NS records automatically for you.)
> For forward zones you don't need to do anything else. It should just work.