<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 05/08/2013 12:41 PM, Johnny Westerlund wrote:
<blockquote
cite="mid:C6E0EE86F43E64449939F6DACF476385134655@SONEMDBDKHOS001.one.local"
type="cite">
<div style="direction: ltr; font-family: Tahoma; color: rgb(0, 0,
0); font-size: 10pt;">Hi all<br>
<div><br>
<font face="Calibri">I'm planning on implementing an IPA server at
a site where there is already a working Active Directory
domain.</font></div>
<div><span style="font-family: Calibri; font-size: 10pt;">I
would still like the machines from AD and IPA to live in the
same DNS domain.</span></div>
<div><font face="Calibri"><br>
</font></div>
<div><font face="Calibri">Example.</font></div>
<div><font face="Calibri">AD Domainname = foo.bar</font></div>
<div><font face="Calibri">AD KERBEROS realm = FOO.BAR</font></div>
<div><font face="Calibri">a Host principal would look like:
<a class="moz-txt-link-abbreviated" href="mailto:host/host1.foo.bar@FOO.BAR">host/host1.foo.bar@FOO.BAR</a></font></div>
<div><font face="Calibri"><br>
</font></div>
<div><font face="Calibri">Now I would like to introduce the IPA
server under a different realm name but for the same DNS
name.</font></div>
<div><font face="Calibri"><br>
</font></div>
<div><font face="Calibri">IPA domainname = foo.bar</font></div>
<div><font face="Calibri">IPA KERBEROS realm = LINUX.FOO.BAR (or
whatever)</font></div>
<div><span style="font-family: Calibri;">a Host principal would
look like: <a class="moz-txt-link-abbreviated" href="mailto:host/host2.foo.bar@LINUX.FOO.BAR">host/host2.foo.bar@LINUX.FOO.BAR</a></span></div>
<div><span style="font-family: Calibri;"><br>
</span></div>
<div><span style="font-family: Calibri;">So basically I would
register the hostnames / PTR records in the Microsoft DNS
and use the IPA Kerberos realm for authentication.</span></div>
<div><span style="font-family: Calibri;"><br>
</span></div>
<div><span style="font-family: Calibri;">Am I making any sense?
Is this asking for a world of hurt?</span></div>
</div>
</blockquote>
<br>
Yes, this should be possible. Install it without DNS and point to AD
DNS during install. I do not recall the exact command line switches
but it should be clear from the ipa-server-install man page.<br>
You would have to either add IPA server records to AD DNS or
explicitly configure clients to use static names for IPA servers.
See the ipa-client-install --fixed-primary and --server switches in
the man pages.<br>
<blockquote
cite="mid:C6E0EE86F43E64449939F6DACF476385134655@SONEMDBDKHOS001.one.local"
type="cite">
<pre wrap="">_______________________________________________
Freeipa-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
</pre>
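<br>
Added example, not part of the original thread and not FreeIPA code: a small model of the key order MIT krb5 tries in the [domain_realm] section of krb5.conf, showing how host1 and host2 from the question can sit in one DNS domain yet map to different realms. The mapping itself, including the per-host entry for host2, is a constructed assumption, and the fallback is simplified (KDC referrals and DNS TXT lookups are skipped).<br>

```python
"""Model of MIT krb5 host-to-realm mapping via [domain_realm] (added example)."""

# Constructed mapping for the thread's scenario: the shared DNS domain stays
# with the AD realm, and each IPA-enrolled host gets an explicit entry.
DOMAIN_REALM = {
    ".foo.bar": "FOO.BAR",
    "foo.bar": "FOO.BAR",
    "host2.foo.bar": "LINUX.FOO.BAR",  # assumption: per-host override
}


def lookup_candidates(host):
    """Yield the [domain_realm] keys tried for host, most specific first.

    host1.foo.bar gives: host1.foo.bar, .foo.bar, foo.bar, .bar, bar
    """
    p = host.lower().rstrip(".")
    while p:
        yield p
        if p.startswith("."):
            p = p[1:]                        # ".foo.bar" then "foo.bar"
        else:
            dot = p.find(".")
            p = p[dot:] if dot != -1 else ""  # "foo.bar" then ".bar"


def realm_for_host(host, mapping=DOMAIN_REALM):
    """Return (realm, matched_key) for host.

    With no matching key, fall back to the upper-cased parent domain
    (simplified: referrals and DNS TXT lookups are not modelled).
    """
    for key in lookup_candidates(host):
        if key in mapping:
            return mapping[key], key
    parent = host.lower().rstrip(".").partition(".")[2]
    return (parent.upper() or None), None


def render_domain_realm(mapping=DOMAIN_REALM):
    """Render the mapping as a krb5.conf [domain_realm] section."""
    lines = ["[domain_realm]"]
    lines += [f"  {key} = {realm}" for key, realm in mapping.items()]
    return "\n".join(lines)


if __name__ == "__main__":
    for name in ("host1.foo.bar", "host2.foo.bar"):
        print(name, "maps to", realm_for_host(name))
    print(render_domain_realm())
```

Calling realm_for_host("host2.foo.bar", {}) shows the failure mode: with no explicit entry, the suffix-based fallback places host2 in FOO.BAR.<br>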
</body>
</html>