Hi Experts,
We have several IPA servers (pair of 8), and they are all replicas of each other with domain level-1. For example,
-- No location set for these two servers: server-1.ex1.net, server-2.ex1.net
-- locname1: server-1.mgmt-ex2.net, server-2.mgmt-ex2.net
We are using ipa version 4.5.4 from EL7. There are many clients that are configured to use each of these pairs using /etc/resolv.conf. We tried setting ipa-location info for each of these pairs, but must be missing something because a query like the following returns the default records.
$ dig +short -t SRV _ldap._tcp.ex1.net
0 100 389 server2.mgmt.ex2.net
0 100 389 server1.ex1.net
0 100 389 server2.ex1.net
0 100 389 server1.mgmt.ex2.net
whereas a location specific query returns with correct priority,
$ dig +short -t SRV _ldap._tcp.locname1._locations.ex1.net
0 100 389 server1.mgmt.ex2.net
50 100 389 server2.ex1.net
0 100 389 server2.mgmt.ex2.net
..... .....
The question is: what's the recommended way to do the ipa-location in a case like ours? What are we missing in our setup that causes the query to always provide a default record?
Thanks
On 1/3/19 8:39 PM, I AM USER via FreeIPA-users wrote:
Hi,
The following HowTo may help you: https://www.freeipa.org/page/Howto/IPA_locations
flo
Thanks, but I got to this point after following that document. It doesn't answer my question.
On 1/8/19 10:13 PM, I AM USER via FreeIPA-users wrote:
Hi,
the output of dig will depend on the DNS server you are contacting.
For instance, let's assume client1 has /etc/resolv.conf configured to use the DNS servers without any location (server-1.ex1.net and server-2.ex1.net). On this client, the output will be as you saw:
$ dig +short -t SRV _ldap._tcp.ex1.net
0 100 389 server2.mgmt.ex2.net
0 100 389 server1.ex1.net
0 100 389 server2.ex1.net
0 100 389 server1.mgmt.ex2.net
Now if you contact the DNS on server-1.mgmt-ex2.net instead (which is part of locname1), you should see a different output:
$ dig @<IP of server-1.mgmt-ex2.net> +short -t SRV _ldap._tcp.ex1.net
0 100 389 server2.mgmt.ex2.net
0 100 389 server1.mgmt.ex2.net
50 100 389 server1.ex1.net
50 100 389 server2.ex1.net
So if you want client1 to use the IPA servers from locname1, you need to configure only the servers from locname1 in /etc/resolv.conf.
Hope this clarifies,
flo
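As an added illustration of the point above (not part of this thread), a small POSIX shell check that parses `dig +short -t SRV` output and reports which servers a resolver advertises at the lowest priority, so you can confirm that the resolvers in a client's /etc/resolv.conf really prefer the local location. The two sample answers are constructed from the outputs quoted in this thread; the --live mode, the placeholder resolver IP and the domain argument are assumptions.

```shell
#!/bin/sh
# Added example, not from the FreeIPA project or this thread.
# preferred_targets: read "priority weight port target" lines on stdin
# (the format of `dig +short -t SRV`) and print the targets that share
# the lowest priority, sorted, one per line.
preferred_targets() {
    awk 'NF == 4 { prio[$4] = $1; if (min == "" || $1 < min) min = $1 }
         END { for (t in prio) if (prio[t] == min) print t }' | sort
}

# preferred_from_text: run preferred_targets over a constructed answer
# (no network needed) and return the targets space-separated on one line.
preferred_from_text() {
    printf '%s\n' "$1" | preferred_targets | tr '\n' ' ' | sed 's/ $//'
}

# check_resolver: query one resolver (IP or name) for the SRV record of
# a domain and list its preferred targets. Assumes dig is installed.
check_resolver() {
    resolver="$1"; domain="$2"
    printf 'resolver %s prefers:\n' "$resolver"
    dig "@$resolver" +short -t SRV "_ldap._tcp.$domain" \
        | preferred_targets | sed 's/^/  /'
}

# Constructed sample answers matching the two cases in the thread:
# a resolver with no location (all servers at priority 0) and a resolver
# in locname1 (its own servers at 0, the others at 50).
ANSWER_NO_LOCATION='0 100 389 server2.mgmt.ex2.net
0 100 389 server1.ex1.net
0 100 389 server2.ex1.net
0 100 389 server1.mgmt.ex2.net'

ANSWER_LOCNAME1='0 100 389 server2.mgmt.ex2.net
0 100 389 server1.mgmt.ex2.net
50 100 389 server1.ex1.net
50 100 389 server2.ex1.net'

if [ "${1:-}" = "--live" ]; then
    # Usage: ./srv_check.sh --live 192.0.2.10 ex1.net  (placeholder resolver IP)
    check_resolver "$2" "$3"
else
    echo "no-location resolver prefers: $(preferred_from_text "$ANSWER_NO_LOCATION")"
    echo "locname1 resolver prefers:    $(preferred_from_text "$ANSWER_LOCNAME1")"
fi
```

Run it with --live against each resolver listed in a client's /etc/resolv.conf; if any of them lists servers from another location at priority 0, that client will not consistently prefer its local pair.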