Hi List
I have AD trusts configured and working between an IPA server and a "master" primary domain controller (dc-1) in a forest in one data center. This allows me to connect with SSH to Linux servers in the same data-center, authenticating with my AD credentials.

I'm trying to test a scenario where I have an IPA server set up in another data center, and trust is established with an AD domain controller (dc-2) in that data-center. This domain controller takes dc-1 as its authoritative source.

Ideally, the IPA server will interact with the domain controller nearest to it (i.e. dc-2), however, from tcpdump, I note the following:

- IPA server communicates with dc-2 first
- dc-2 returns a list of domain controllers in all the datacenters, including dc-1
- the IPA server then begins querying LDAP and Kerberos ports on dc-1, the domain controller furthest from it.
- Authentication on clients fails

My question is: Is it possible to get IPA to query and interact only with the domain controller it initially established trust with?

Thanks in advance,
Traiano