Thanks David. Generally, for operating systems like Amazon Linux etc. which do not have an IPA-Client, we generally use SSSD to get things working.
In such cases, what would be the optimal way to configure the SRV records, as the --domain parameter won't be present?

On Mon, Jan 25, 2016 at 5:16 PM, David Kupka <[email protected]> wrote:

> On 25/01/16 12:08, Zeal Vora wrote:
>
>> Thanks Petr.
>>
>> So if the domain is example.com, in DNS, what would be the IP associated
>> with it?
>>
>> As there are 2 master servers, each of them will have a different IP
>> address.
>>
>> On Mon, Jan 25, 2016 at 4:34 PM, Petr Spacek <[email protected]> wrote:
>>
>>> On 25.1.2016 10:47, Zeal Vora wrote:
>>>
>>>> Hi
>>>>
>>>> I have set up a multi-master IPA and it seems to be working fine.
>>>>
>>>> The clients (laptops and servers) are not using the DNS of IPA.
>>>>
>>>> I was wondering, while configuring ipa-client, which server do I
>>>> reference when it asks for the ipa-server hostname?
>>>>
>>>> Both master servers have different hostnames.
>>>>
>>>> master1.example.com ( Master 1 )
>>>> master2.example.com ( Master 2 )
>>>
>>> Specify only the --domain option and do not use the --server option at
>>> all. It will enable server auto-detection using DNS SRV records and you
>>> will not need to worry about adding/removing servers because all clients
>>> will automatically pick the new list up.
>>>
>>> --
>>> Petr^2 Spacek
>>>
>>> --
>>> Manage your subscription for the Freeipa-users mailing list:
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>> Go to http://freeipa.org for more info on the project
>
> The '--domain' parameter is for the client installer to form a DNS request.
> The request that is sent is the same as the one sent by this command:
> dig -t SRV _ldap._tcp.<domain>
>
> It then receives a list of records similar to this one:
> 100 0 389 <master1-fqdn>
> 100 0 389 <master2-fqdn>
>
> The installer then goes through the list and checks if it's really a
> FreeIPA server, and the first one that passes is used. When an IP address
> is needed it can be resolved from the name included in the SRV response.
>
> HTH,
> --
> David Kupka
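The discovery procedure described in the quoted reply (query the SRV records, walk the list, use the first server that passes a check), sketched as an added example that is not part of the thread and not FreeIPA's installer code. The sample answer, the `backup.example.com` host and the `is_ipa_server` callback are constructed assumptions; the thread does not say how the installer verifies a server, and the weighting is a simplified form of the RFC 2782 rule.

```python
import random
from typing import Callable, NamedTuple, Optional

class Srv(NamedTuple):
    priority: int
    weight: int
    port: int
    target: str

# Constructed sample of `dig +short -t SRV _ldap._tcp.example.com` output
# (priority weight port target); backup.example.com is a made-up host.
SAMPLE_ANSWER = """\
10 100 389 backup.example.com.
0 100 389 master1.example.com.
0 100 389 master2.example.com.
garbage line
"""

def parse_srv(text: str) -> list[Srv]:
    """Parse SRV answer lines, skipping anything malformed."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not all(p.isdecimal() for p in parts[:3]):
            continue
        prio, weight, port = map(int, parts[:3])
        if not 0 < port <= 65535 or parts[3] == ".":
            continue  # a target of "." means the service is not offered
        records.append(Srv(prio, weight, port, parts[3].rstrip(".").lower()))
    return records

def candidate_order(records: list[Srv], rng: random.Random) -> list[Srv]:
    """Lowest priority value first; weighted random order within a priority."""
    ordered = []
    for prio in sorted({r.priority for r in records}):
        pool = [r for r in records if r.priority == prio]
        while pool:
            # +1 keeps weight-0 records selectable (simplification).
            pick = rng.choices(pool, weights=[r.weight + 1 for r in pool])[0]
            pool.remove(pick)
            ordered.append(pick)
    return ordered

def pick_server(text: str, is_ipa_server: Callable[[str, int], bool],
                rng: Optional[random.Random] = None) -> Optional[Srv]:
    """Return the first candidate that passes the caller-supplied check."""
    for rec in candidate_order(parse_srv(text), rng or random.Random()):
        if is_ipa_server(rec.target, rec.port):  # hypothetical verification
            return rec
    return None
```

Because the SRV answer decides which host a client will trust as its identity server, the verification callback should authenticate the server (for example against a pinned CA certificate) rather than only test that the port is open.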
