[Freeipa-users] SRV record to tell w2k8 machines to use IPA server for ldap

Simo Sorce simo at redhat.com
Sat Jun 18 14:55:26 UTC 2011


On Fri, 2011-06-17 at 02:15 -0400, Tim Hildred wrote:
> Hello;
> 
> I have a VM running FreeIPA, and have the DNS SRV records referencing ldap and kerberos mentioned in the documentation. In trying to set the domain of my Win2k8 VM to mysandbox.com, I get an error that the 
> 
> "DNS name does not exist" 
> 
> after running the query for 
> 
> "_ldap._tcp.dc._msdcs.mysandbox.com"
> 
> which is different than the example given for an LDAP SRV record. 
> 
> So what SRV record has to exist that will allow my W2k8 VM to join mysandbox.com domain?
> 
> 
> ipa dnsrecord-add _______________________

Sorry Tim, but FreeIPA cannot be a direct Domain Controller for Windows
clients. Unfortunately Windows clients can only join AD domains and
stuff that behaves *exactly* like AD down to very fine details.

There is actually a write-up here [1] on how to hook up a Windows client
to use FreeIPA as an authentication source, but that is not the same
thing as joining a domain. Depending on your needs it may be enough
though. Also note that we have not tested this guide with v2 or recent
Windows clients.

If you want an alternative to AD for your Windows clients I can suggest
trying Samba4, it is still not complete, but has enough basic AD
infrastructure to work for single domain deployments, with some minor
restrictions.

Simo.

[1] http://www.freeipa.org/page/Implementing_FreeIPA_in_a_mixed_Environment_%28Windows/Linux%29_-_Step_by_step

-- 
Simo Sorce * Red Hat, Inc * New York



