On 26.1.2016 13:18, Zeal Vora wrote:
> Thanks David.
>
> Generally for operating systems like Amazon Linux etc. which do not have an
> IPA-Client, we generally use SSSD to get things working.
>
> In such cases, what would be the optimal way to configure the SRV records as
> the --domain parameter won't be present.

Hi,

ipa-client just configures SSSD, so SRV records will work just fine if you configure it by hand.

Anyway, I would recommend you either to push Amazon to include IPA support in their distro or to use RHEL/CentOS in AWS.

Petr^2 Spacek

> On Mon, Jan 25, 2016 at 5:16 PM, David Kupka <dku...@redhat.com> wrote:
>
>> On 25/01/16 12:08, Zeal Vora wrote:
>>
>>> Thanks Petr.
>>>
>>> So if the domain is example.com, in DNS, what would be the IP associated
>>> with it?
>>>
>>> As there are 2 master servers, each of them will have a different IP
>>> address.
>>>
>>> On Mon, Jan 25, 2016 at 4:34 PM, Petr Spacek <pspa...@redhat.com> wrote:
>>>
>>>> On 25.1.2016 10:47, Zeal Vora wrote:
>>>>
>>>>> Hi
>>>>>
>>>>> I have set up a multi-master IPA and it seems to be working fine.
>>>>>
>>>>> The clients (laptops and servers) are not using the DNS of IPA.
>>>>>
>>>>> I was wondering, while configuring ipa-client, which server do I
>>>>> reference when it asks for the ipa-server hostname?
>>>>>
>>>>> Both master servers have different hostnames.
>>>>>
>>>>> master1.example.com ( Master 1 )
>>>>> master2.example.com ( Master 2 )
>>>>
>>>> Specify only the --domain option and do not use the --server option at all.
>>>> It will enable server auto-detection using DNS SRV records and you will
>>>> not need to worry about adding/removing servers because all clients will
>>>> automatically pick the new list up.
>>>>
>>>> --
>>>> Petr^2 Spacek
>>>>
>>>> --
>>>> Manage your subscription for the Freeipa-users mailing list:
>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>> Go to http://freeipa.org for more info on the project
>>
>> The '--domain' parameter is for the client installer to form a DNS request.
>> The request that is sent is the same as the one sent by this command:
>>
>>     dig -t SRV _ldap._tcp.<domain>
>>
>> It then receives a list of records similar to this one:
>>
>>     100 0 389 <master1-fqdn>
>>     100 0 389 <master2-fqdn>
>>
>> The installer then goes through the list and checks if it's really a FreeIPA
>> server, and the first one that passes is used. When an IP address is needed
>> it can be resolved from the name included in the SRV response.
>>
>> HTH,
>> --
>> David Kupka

--
Petr^2 Spacek
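
A hand-written SSSD configuration that uses the SRV lookup described in this thread could look like the following. It is an added example, not part of the original messages or of FreeIPA's own files. It assumes the domain example.com from the thread, a hypothetical client name client1.example.com, and a host that already has its keytab in /etc/krb5.keytab and the IPA CA certificate in /etc/ipa/ca.crt.

```ini
# /etc/sssd/sssd.conf (must be owned by root with mode 0600)
[sssd]
services = nss, pam
domains = example.com

[domain/example.com]
id_provider = ipa
auth_provider = ipa
access_provider = ipa
chpass_provider = ipa
ipa_domain = example.com

# Hypothetical client name; it has to match the host entry in IPA
# and the principal stored in the host keytab.
ipa_hostname = client1.example.com

# _srv_ tells SSSD to discover servers through DNS SRV records
# instead of a fixed host name, so no master is hard-coded here.
ipa_server = _srv_

# SSSD builds the SRV query from the domain part of the machine's
# own host name by default. On a cloud instance whose host name is
# outside example.com, set the discovery domain explicitly.
dns_discovery_domain = example.com

# Validate the LDAP server certificate against the IPA CA so a
# forged SRV answer cannot redirect the client to a rogue server.
ldap_tls_cacert = /etc/ipa/ca.crt

cache_credentials = True
```

Because the clients in this thread do not use the IPA DNS, the `_ldap._tcp.example.com` SRV records have to exist in whichever DNS zone those clients actually resolve against.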