First post; be easy on me.

Can IDM/IPA servers and clients be configured in different time zones as long as they are pointed to the same NTP servers?

We have a use case scenario that requires some clients and IPA servers to be configured within specific desperate time zones for application compatibility reasons. All IPA servers and clients will be in the same domain. There will be an IPA server at each site.

Will this have ill affects on Kerberos tickets etc or will the offset be considered/corrected at each host?

Thoughts, experiences and configuration examples?

Thank you

So far as I know, the custom in such situations is to act on UTC ... Universal Time. Time is presented to end-users and such in terms of the correct time-zone (and time-of-year), but internally it is absolute.

1 members found this post helpful.

Thanks for the reply sundialsvcs

I was able to mimic the use case scenario in a lab and it worked fine. From what I found in testing, time zone does not have an effect on Kerberos etc. since the time zone offset appears to be managed at each host. So as long as the time skew does not go beyond 5 minutes, all is well.

Site A
IPASRV1 in CT
IPACLT1 client in CT
ADDC in EST (AD/IPA One Way Trust) (configured to sync with external time servers)

Site B
IPASRV2 in UTC
IPACLT2 client in UTC



NTP Server Poll Settings: /etc/ntp.conf

Pointed IPASRV1 to ADDC
Pointed IPACLT1 to IPASRV1
Pointed IPASRV2 to IPASRV1
Pointed IPACLT2 to IPASRV2

Of course you could/should add redundancy to the configuration by adding all 3 servers to ntp.conf on each host.