On 21.11.18 17:40, Rob Crittenden via FreeIPA-users wrote:
[..]
Yes, masters are all more or less equal, the difference being whether
they run optional services and there are a few roles that only one
master has (CRL manager, renewal manager).
I still do not have a clear picture. Is it true that any scenario starts
with one master and all others are replicas?
> What about AD trust? Does it have to be set up for each of the
new
> servers?
https://www.freeipa.org/page/Active_Directory_trust_setup does
> say so: "When planning access of AD users to IPA clients, make sure to
> run ipa-adtrust-install on every IPA master these IPA clients will be
> connecting to."
Then I guess it does.
Can anyone confirm this?
Cheers,
Ron