[Freeipa-users] Configure IPA Server work with Multiple domain Env

Martin Kosek mkosek at redhat.com
Wed May 20 10:30:46 UTC 2015


On 05/20/2015 11:54 AM, Dewangga Bachrul Alam wrote:
> Hello!
> 
> I've tried to setup my IPA server to work on multiple domain env, for
> the example, I have 20 instance/servers using mydomain.co.id then I have
> another 10 instance/servers using mydomain.com, I want to manage both of
> them on same IPA server.

This is fine. If the alternate domain contains the "_kerberos.domain.com" DNS
TXT record with the realm, Kerberos clients should be able to find the right IPA
server/KDC to talk to (if they have DNS discovery enabled). Recent FreeIPA
versions add this record to owned DNS zones automatically.

> On an instance with mydomain.com, I've set up and pointed my DNS to the IPA
> Server; the DNS discovery failed, but if I entered the IPA server
> address manually, the setup was successful.

If autodiscovery with hosts in your alternate domain does not work, you can
also use just

# ipa-client-install --domain main.ipa.domain.com

and it should find the IPA server.

> 
> ---
> [root at joyoboyo ~]# getent passwd dewangga
> dewangga:*:940000001:940000001:Dewangga Alam:/home/dewangga:/bin/bash
> [root at joyoboyo ~]# uname -a
> Linux joyoboyo.mydomain.com 2.6.32-504.el6.x86_64 #1 SMP Wed Oct 15
> 04:27:16 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
> ---
> 
> Is it normal? Or is there another configuration in krb5.conf? I found
> something interesting in the [domain_realm] section, but before I change
> them, better I ask the mailing list.

What I see above looks normal to me. [domain_realm] manual mapping can be used
if you have DNS autodiscovery disabled or you miss the DNS TXT record for
Kerberos, IIRC.

> 
> Thanks for any help and comments, this is my first time to configure IPA
> Server :D

Good, I hope you like it :-)
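As an added illustration (not part of this thread or of FreeIPA's own code) of the [domain_realm] fallback Martin mentions: the fragment below maps hosts in both mydomain.co.id and mydomain.com to one realm, and the lookup function walks the host-to-realm matching the way libkrb5's static mapping does (exact host first, then the most specific parent domain with a leading dot). The krb5.conf text and the realm name IPA.MYDOMAIN.CO.ID are constructed assumptions.

```python
"""Resolve which Kerberos realm a client host maps to via [domain_realm]."""

# Constructed krb5.conf fragment: two DNS domains, one IPA realm (assumed name).
KRB5_CONF = """
[libdefaults]
  default_realm = IPA.MYDOMAIN.CO.ID
  dns_lookup_realm = true   # also try the _kerberos TXT record

[domain_realm]
  .mydomain.co.id = IPA.MYDOMAIN.CO.ID
  mydomain.co.id = IPA.MYDOMAIN.CO.ID
  .mydomain.com = IPA.MYDOMAIN.CO.ID
  mydomain.com = IPA.MYDOMAIN.CO.ID
"""


def parse_domain_realm(text):
    """Return the [domain_realm] entries as a dict, keys lower-cased."""
    mapping, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section == "domain_realm" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            mapping[key.lower()] = value
    return mapping


def realm_for_host(hostname, mapping):
    """Static host-to-realm walk: exact hostname, then each parent domain
    written with a leading dot, most specific match wins. Returns None when
    nothing matches, which is when a client falls back to DNS TXT discovery
    or default_realm."""
    host = hostname.rstrip(".").lower()
    if host in mapping:
        return mapping[host]
    labels = host.split(".")
    for i in range(1, len(labels)):
        candidate = "." + ".".join(labels[i:])
        if candidate in mapping:
            return mapping[candidate]
    return None


if __name__ == "__main__":
    realms = parse_domain_realm(KRB5_CONF)
    for h in ("joyoboyo.mydomain.com", "ipa.mydomain.co.id", "host.other.org"):
        print(h, "->", realm_for_host(h, realms))
```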
