We're planning an IdM implementation where we have several data centers over a large geographic location. We're following the Red Hat guide: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/htm... and are interested in having the "tight cell" replication strategy with indirect authentication based on a one-way trust from AD.
What I do not yet understand is multiple servers in different data centers with a single trust (realm). That is, do we need to run ipa trust-add on multiple servers? Further, would this be on each server in the cell, or would it be only for the trust controller?
On Tue, 11 Jul 2017, erricg--- via FreeIPA-users wrote:
> We're planning an IdM implementation where we have several data centers over a large geographic location. We're following the Red Hat guide: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/htm... and are interested in having the "tight cell" replication strategy with indirect authentication based on a one-way trust from AD.
> What I do not yet understand is multiple servers in different data centers with a single trust (realm). That is, do we need to run ipa trust-add on multiple servers? Further, would this be on each server in the cell, or would it be only for the trust controller?
You do not need to run 'ipa trust-add' multiple times. Trust objects are in replicated space, so once established, trust details are replicated to all IPA masters. However, each master needs to be prepared to take advantage of that information.
You should ensure that each server is at least a trust agent.
The correct documentation for that is https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/htm...
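As an added example (not part of the thread, not FreeIPA project code), here is a small check for the "each master should be at least a trust agent" point above: it parses the output of `ipa server-role-find --role "AD trust agent"` and lists any IPA master whose role status is not `enabled`, i.e. the servers that still need to be added as trust agents (`ipa-adtrust-install --add-agents` on the trust controller) before they can serve AD users. The server names and the command output below are constructed sample data; the field names assume FreeIPA's `Server name:` / `Role status:` output layout.

```shell
#!/bin/sh
# Added example, not from the thread. Finds IPA masters that are not yet
# AD trust agents. Constructed sample output of
#   ipa server-role-find --role "AD trust agent"
# On a real deployment replace the literal with:
#   ROLE_OUTPUT=$(ipa server-role-find --role "AD trust agent")
ROLE_OUTPUT='----------------------
3 server roles matched
----------------------
  Server name: ipa1.dc1.example.com
  Role name: AD trust agent
  Role status: enabled

  Server name: ipa2.dc1.example.com
  Role name: AD trust agent
  Role status: enabled

  Server name: ipa1.dc2.example.com
  Role name: AD trust agent
  Role status: absent
----------------------------
Number of entries returned 3
----------------------------'

# missing_trust_agents OUTPUT
# Prints one "<server> <status>" line for every master whose
# "AD trust agent" role status is anything other than "enabled"
# (e.g. "absent" or "configured"); prints nothing when all are enabled.
missing_trust_agents() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*Server name:/ { server = $3 }
        /^[[:space:]]*Role status:/ { if ($3 != "enabled") print server, $3 }
    '
}

# Example run on the constructed data: lists ipa1.dc2.example.com absent
missing_trust_agents "$ROLE_OUTPUT"
```

Run it on each IPA master after `ipa trust-add` has been done once; trust details replicate on their own, but a master that shows up here will not resolve AD users until it is made a trust agent.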
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org