[Freeipa-users] New FreeIPA Install; Testing for Proof of Concept
Rob Ogilvie
rob at axpr.net
Wed Aug 8 15:42:28 UTC 2012
On Tue, Aug 7, 2012 at 7:03 PM, KodaK <sakodak at gmail.com> wrote:
> It's hard to tell with the obfuscation, but is your DOMAIN the same as
> the one handled by the domain controller vm-mapsdc2?
Indeed, it is....
> You can only have one Kerberos realm named DOMAIN.
How do they know about each other?
> For example, if you have the windows domain/Kerb realm MYCOMPANY.COM,
> you will not be able to have it coexist with an IPA server controlling
> the realm MYCOMPANY.COM.
That's quite unfortunate. How can I work around this? Can I create
the realm BLAH.MYCOMPANY.COM or maybe even NOTMYCOMPANY.COM without a
DNS domain to match, or will I need to interface with the DNS admins?
Is there a good document that describes the nature of these realms and
their relation to DNS?
> If it's an oldschool NT type domain you should be OK, but if it's
> Active Directory (which uses Kerberos) you can't do it.
It's an Active Directory domain.
Rob
More information about the Freeipa-users
mailing list