[Radmind-users] Multiple Radmind sites and using certificates

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hi,

A question to those of you who manage multiple sites with Radmind, and use
certificates.

I've been asked to implement my Radmind setup across multiple sites within
our company.

I am looking to have my current Radmind server as a master, and the relevant
parts of /var/radmind gets rsynced regularly to local Radmind servers at all
the other sites, so we are all using the same loadsets, command files, etc.

That bit I can see working and know others have done the same.

However, I currently use static IPs assigned via DHCP and this is a no-no on
the company-wide setup, so we're looking at certificates.

We also want it so that no matter what site a Mac moves to (this is thinking
latops, in the main; but also relocating Macs in certain DR scenarios), it
can be identified by the local Radmind server at that site and get any
updates pending.

I'm setting up the certificate environment within my current one-server
setup, and chewing my way through this.

My question is, once I get this working, is it possible to use certificates
in a way that a client's certificate can be authenticated/identified by all
the local Radmind servers across the multiple sites?

Or do I need to create a CA on each Radmind server and then have a
cert-per-site for each client? I can see how I might do this by having the
multiple certs on a client, and within my scripts identifying the site
network it is on (we have ways of doing this) and supplying the correct cert
explicitly within the radmind commands.

My knowledge of certificates is rudimentary (but growing daily!) so I'm
thinking off-the-cuff here, but someone out there might be able to give me
the low-down on the "right way" to implement this.

TIA,
Matt.