On Mon, 29 Jan 2018, Alexandre Cardoso wrote:
Hi,
We have 2 major projects with several servers each. Until now we have had only one IPA server, and we want to implement a second one at another site for the other project, and also want to implement it as a failover for the IPA server at the other site.
So if I can have 2 domains, and if it is possible to change the realm, I would reconfigure the already in place IPA to have a general realm, and when running ipa-replica-install on the new server I can have a different domain and use the general realm, right?
You cannot change Kerberos realm after the deployment.
You can add more IPA replicas in other DNS domains, no problem.
After that, the clients will reach each other via DNS query, right?
Yes.
Thanks
Alex
On 29 Jan 2018, at 12:19, Alexander Bokovoy abokovoy@redhat.com wrote:
On Mon, 29 Jan 2018, Alexandre Cardoso wrote:
Hummm... that is bad… for me…
Is there a way I can change the already in place realm without affecting existing users/hosts, so I can adapt to multi site/domain?
I don't think so. If you have different realms, you are dealing with two different deployments that are unrelated to each other.
What do these realms represent? Two different IPA deployments or something else? A bit of context would have helped.
Thanks Alex
On 29 Jan 2018, at 10:45, Alexander Bokovoy abokovoy@redhat.com wrote:
On Mon, 29 Jan 2018, Alexandre Cardoso wrote:
Thanks Alexander,
And if I have different realms, can this work?
IPA only supports a single Kerberos realm.
-- / Alexander Bokovoy