Since the first option has less impact, that one sounds the most interesting. However, does this also remain functional when the first ipa server is taken offline ?
Rob Verduijn 2016-01-25 12:41 GMT+01:00 Alexander Bokovoy <aboko...@redhat.com>: > On Mon, 25 Jan 2016, Rob Verduijn wrote: >> >> Hi all, >> >> When you have an ipa 4.2 server with an one way trust to the ad. >> What steps are needed to install a second ipa master that also has a >> one way trust to the ad ? > > Depends on what you want to achieve. > > If you want second IPA master to be able to resolve AD users, just > install the master and run 'ipa-adtrust-install --add-agents' on the > *first* master. This will prompt you to be asked on adding the second > master to the list of hosts allowed to use cross-forest trust > credentials. > > If you want to use the second IPA master to *manage* trust, you'd need > to run 'ipa-adtrust-install' on the it. No need to specify > '--add-agents' because the master where 'ipa-adtrust-install' is being > run will be automatically added to the list. > -- > / Alexander Bokovoy -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project