search

IPA HA cluster

When ipa-server is setup with embedded DNS (using --setup-dns ) SRV records are automatically added in IPA.

If its external DNS server, you need to add records something like this in your DNS server. 

_ldap._tcp.example.com. 86400 IN SRV 0 100 389
ipaserver1.example.com.
_kerberos._tcp.example.com. 86400 IN SRV 0 100 88 ipaserver1.example.com.
_kerberos._udp.example.com. 86400 IN SRV 0 100 88 ipaserver1.example.com.
_kpasswd._tcp.example.com. 86400 IN SRV 0 100 464
ipaserver1.example.com.
_kpasswd._udp.example.com. 86400 IN SRV 0 100 464
ipaserver1.example.com.

After this client will auto discover IPA server which is providing LDAP & Kerberos information.

Try to run below commands on your IPA client & point resolv.conf to IPA server & IPA client 

dig srv _ldap._tcp.dataservice.net
dig srv _kerberos._tcp.dataservice.net
dig srv _kpasswd._tcp.dataservice.net
_kerberos-master._tcp SRV 0 100 88 x000xipa000.nix.tech.altenar.net.
											SRV 0 100 88 x000xipa001.nix.tech.altenar.net.
	
_kerberos-master._udp SRV 0 100 88 x000xipa000.nix.tech.altenar.net.
											SRV 0 100 88 x000xipa001.nix.tech.altenar.net.
	
_kerberos._tcp        SRV 0 100 88 x000xipa000.nix.tech.altenar.net.
											SRV 0 100 88 x000xipa001.nix.tech.altenar.net.
	
_kerberos._udp        SRV 0 100 88 x000xipa000.nix.tech.altenar.net.
											SRV 0 100 88 x000xipa001.nix.tech.altenar.net.
	
_kpasswd._tcp         SRV 0 100 464 x000xipa000.nix.tech.altenar.net.
											SRV 0 100 464 x000xipa001.nix.tech.altenar.net.
	
_kpasswd._udp         SRV 0 100 464 x000xipa000.nix.tech.altenar.net.
											SRV 0 100 464 x000xipa001.nix.tech.altenar.net.
	
_ldap._tcp            SRV 0 100 389 x000xipa000.nix.tech.altenar.net.
											SRV 0 100 389 x000xipa001.nix.tech.altenar.net.
	
_ntp._udp             SRV 0 100 123 x000xipa000.nix.tech.altenar.net.
											SRV 0 100 123 x000xipa001.nix.tech.altenar.net.

You can acquire a list of the required SRV records specific to your system setup by running the $ ipa dns-update-system-records --dry-run command.

PreviousKerberos debugNextGrep (OR) (moved)

Last updated