[Freeipa-users] Master level IPA server

Dmitri Pal dpal at redhat.com
Thu Apr 30 00:57:32 UTC 2015


On 04/29/2015 08:38 PM, Aric Wilisch wrote:
> Is it possible to set up a Master level FreeIPA domain, then have 3 sub 
> level domains use it for authentication?
>
> So master server at say ipa.domain.com, then have a secondary zone that 
> is ipa2.sub1.domain.com.
>
> We have 3 different environments that need to stay separated. We were 
> going to have them all authenticate to an Active Directory domain but 
> getting that setup is turning into a real issue. So if possible I 
> would like to have a master level IPA server, then three sub level IPA 
> servers that authenticate against it, then have our Windows Terminal 
> Servers authenticate against it as well if possible.
>
> So if there is documentation on how to set that up I would appreciate 
> a pointer, I haven't been able to find it yet.
>
> Thanks much!
>
> Regards,
> ------------------------------------------
> Aric Wilisch
> awilisch at gmail.com
>
You can have one IPA Kerberos realm spanning several zones, but the 
top-level domain should be the same as the realm; otherwise trust would 
not work.
I think Alexander would have some pointers.

-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
