On 12/14/2017 06:52 PM, Gordon Messmer via FreeIPA-users wrote:
I've set up a replica in an IPA domain, and was surprised that it did not have DNS configured the same way that the first IPA server does. Of the following options that I specified on the first install, which do I need to provide to a replica in order to get identical functionality, and where is that documented?
--mkhomedir --setup-dns --forwarder --reverse-zone --allow-zone-overlap --setup-adtrust
Hi,
A replica does not necessarily provide the same services as the first IPA server (for instance CA or DNS). This is described in the Linux Domain Identity, Authentication and Policy Guide, in the section "Deployment considerations for replicas" [1].
If you want to install the replica with DNS, you can find the options for ipa-replica-install in its man page. There is a whole section specific to DNS OPTIONS.
If the replica was installed without DNS but you would like to add the DNS service, it is not required to uninstall and re-run replica installation. The tool ipa-dns-install can be used to add the DNS service, and its options are available in its man page as well.
The same comment applies to configuring the AD trust: the tool ipa-adtrust-install can be run on the replica.
HTH, Flo
[1] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/htm...