[Freeipa-users] SRV records?

Petr Spacek pspacek at redhat.com
Fri Jul 1 11:41:02 UTC 2016


On 30.6.2016 17:56, Christophe TREFOIS wrote:
> Hi,
> 
> I am getting a bit confused about what is possible / advised to do and how to set up SRV records for our existing setup.
> 
> Currently, it looks like this:
> 
> ipa1.domain.ltd
> ipa2.domain.ltd
> ipa3.domain.ltd
> 
> I believe the installed domain and realm is domain.ltd (we added some other realm domains later on).
> 
> And we use ipa1 for external user access, ipa2 for services, and ipa3 for backup (not accessed directly).
> 
> We now want to create SRV records for this setup.
> 
> What would they look like?
> 
> The problem I have is that domain.ltd is also the university’s AD domain and, according to the docs, it is not recommended to do this, in any fashion.
> 
> Would it, however, be feasible to do this via a FreeIPA-FreeIPA migration?
> 
> Could you please share any piece of information or advice on this?

Unfortunately, there is no way to make this work. There will be inevitable
conflicts at the DNS and Kerberos level.

Please make sure you fully read
http://www.freeipa.org/page/Deployment_Recommendations
and
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/installing-ipa.html#server-prereqs

After that, the only option is to plan for a new FreeIPA installation and
migration. Unfortunately, complete FreeIPA-FreeIPA migration is not supported
either, so it is a mostly manual process (using hand-made scripts for your
deployment).

Do not hesitate to contact us if you have any questions.

-- 
Petr^2 Spacek
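
Added example, not part of the original thread: a pre-deployment check that shows where the DNS-level conflict described above comes from, by finding FreeIPA discovery SRV names that the zone already answers with non-IPA hosts. The zone text and the dc1/dc2 host names are constructed; ipa1-ipa3 and domain.ltd are taken from the question.

```python
import re

# SRV labels that FreeIPA clients resolve under the DNS domain for discovery.
IPA_SRV_LABELS = {
    "_ldap._tcp", "_kerberos._tcp", "_kerberos._udp",
    "_kerberos-master._tcp", "_kerberos-master._udp",
    "_kpasswd._tcp", "_kpasswd._udp",
}

# Constructed sample of SRV records in a zone owned by Active Directory.
# dc1/dc2 are hypothetical domain controller names.
SAMPLE_ZONE = """
_ldap._tcp.domain.ltd.            600 IN SRV 0 100 389  dc1.domain.ltd.
_ldap._tcp.dc._msdcs.domain.ltd.  600 IN SRV 0 100 389  dc1.domain.ltd.
_kerberos._tcp.domain.ltd.        600 IN SRV 0 100 88   dc1.domain.ltd.
_kerberos._udp.domain.ltd.        600 IN SRV 0 100 88   dc2.domain.ltd.
_kpasswd._tcp.domain.ltd.         600 IN SRV 0 100 464  dc1.domain.ltd.
_gc._tcp.domain.ltd.              600 IN SRV 0 100 3268 dc1.domain.ltd.
"""

IPA_HOSTS = {"ipa1.domain.ltd", "ipa2.domain.ltd", "ipa3.domain.ltd"}

SRV_RE = re.compile(r"^(\S+)\s+\d+\s+IN\s+SRV\s+\d+\s+\d+\s+(\d+)\s+(\S+)$")

def parse_srv(zone_text):
    """Return {owner_name: [(port, target), ...]} from zone-file style lines."""
    records = {}
    for line in zone_text.splitlines():
        m = SRV_RE.match(line.split(";")[0].strip())  # drop comments
        if m:
            owner, port, target = m.groups()
            key = owner.lower().rstrip(".")
            records.setdefault(key, []).append((int(port), target.lower().rstrip(".")))
    return records

def srv_conflicts(zone_text, domain, ipa_hosts):
    """Return (ad_present, {owner: [non-IPA targets]}) for IPA discovery names."""
    records = parse_srv(zone_text)
    # _msdcs records are published by Active Directory domain controllers.
    ad_present = any(o.endswith("._msdcs." + domain) for o in records)
    conflicts = {}
    for label in IPA_SRV_LABELS:
        owner = f"{label}.{domain}"
        foreign = sorted({t for _, t in records.get(owner, []) if t not in ipa_hosts})
        if foreign:
            conflicts[owner] = foreign
    return ad_present, conflicts
```

Any name reported in the second return value is one that both directories need to own for client discovery, so a Kerberos or LDAP client looking up that name for domain.ltd would be sent to the other system's servers.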



