On Wed, 2013-03-13 at 09:28 -0400, Rob Crittenden wrote: > Michael ORourke wrote: > > I think SRV records are only part of the problem. We are using > > integrated BIND/DNS with our IPA servers and I'm not sure it supports > > views. But thanks for the suggestion. > > I guess we could create custom krb5.conf files in each DC and mange them > > with Puppet, but there are other config files (e.g. resolv.conf and > > ldap.conf) that would need to be managed too. Maybe there are some > > other IPA client config files that setup static mappings during the join > > process. Anyone know which ones to look at? > > No, we don't support views yet. > > You'd also need a custom sssd.conf as well. > > We support this kind of configuration in 3.x. Using multiple --server > and --fixed-primary options of ipa-client-install you can add multiple, > hardcoded servers and still have failover. Basically you configure > things to ignore the SRV records, so you shouldn't have to mess with the > resolver at all.
Just want to note that we are working on a more manageable solution for the future: http://www.freeipa.org/page/V3/DNS_Location_Mechanism But we are not there yet. Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users