[Freeipa-users] New FreeIPA Install; Testing for Proof of Concept
Rob Ogilvie
rob at axpr.net
Wed Aug 8 17:27:03 UTC 2012
On Wed, Aug 8, 2012 at 9:06 AM, Petr Spacek <pspacek at redhat.com> wrote:
> Best way is to create subdomain UNIX.MYCOMPANY.COM and fill it with proper
> SRV records (or let IPA to manage it).
Ugh, I hope this doesn't end up pushing us back to NIS.
If I can get our infrastructure guys to buy off on making a
unix.mycompany.com subdomain in DNS, would I need to move all the
hosts to be under that subdomain in DNS? I have some services
configured that are difficult to rename the DNS domain of. Could, for
instance, host-one.mycompany.com be part of the UNIX.MYCOMPANY.COM
realm, given a MYCOMPANY.COM realm also exists?
I could then put some SRV records into the subdomain's zone to point
the kerberos stuff to the IPA server, change the domain on the IPA
server, change the realm on the IPA server, re-register clients, and
everything would be happy?
Ugh... actually... now that I think about this, I don't think I want
half my servers in a unix subdomain in DNS, which means DNS and realm
wouldn't match...
Thoughts? Aside from rebuilding the infrastructure I've built already? :-)
Rob
More information about the Freeipa-users
mailing list