[Freeipa-users] Do clients have to be in the same DNS zone / FQDN as the IPA servers / Kerberos Realm?

Steven Jones Steven.Jones at vuw.ac.nz
Wed Jun 20 20:44:03 UTC 2012


Hi,

Sorry.....

but I'm getting hammered by my management for instant answers.......they asked last night and expect an answer this morning.....and I'm expected to catch up and deploy several important solutions/projects all hinging on IPA ASAP.......

2.2 isn't in RHEL6.3 though?

Anyway I will leave it longer, but Qs seem to drop off the list pretty quickly.......

regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

________________________________________
From: Rob Crittenden [rcritten at redhat.com]
Sent: Thursday, 21 June 2012 8:31 a.m.
To: Steven Jones
Cc: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] Do clients have to be in the same DNS zone / FQDN as the IPA servers / Kerberos Realm?

Steven Jones wrote:
> I assume with no reply, no one knows?

That's not really fair, it hasn't even been 24 hours.

> My IPA servers are say ipa1 and 2.ipa.example.com
>
> I have existing Linux servers that I would rather not change the FQDN on, say server1.example.com. Do I actually have to make the client server1.ipa.example.com or can I leave it as is at server1.example.com? Would that give any IPA problems? Or is it just poor practice?

Yes, you should be able to enroll server1.example.com into the
ipa.example.com realm. You'll need a v2.2+ client for this to work. A
patch was added (contributed by a user, actually) that will add a domain
mapping to krb5.conf so this should work.

rob
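
Added example, not part of the thread or of FreeIPA's code: a simplified model of how a Kerberos client picks a realm for a hostname from the `[domain_realm]` section of krb5.conf, showing why server1.example.com needs a domain mapping to land in the IPA realm. The krb5.conf fragments are constructed, the realm name IPA.EXAMPLE.COM is assumed from the thread's "ipa.example.com realm", and KDC referrals and DNS-based realm lookup are left out.

```python
import re

# Constructed krb5.conf fragments (not taken from the thread). The realm
# name IPA.EXAMPLE.COM is assumed from the thread's "ipa.example.com realm".
WITHOUT_MAPPING = """
[libdefaults]
  default_realm = IPA.EXAMPLE.COM

[domain_realm]
  .ipa.example.com = IPA.EXAMPLE.COM
  ipa.example.com = IPA.EXAMPLE.COM
"""

WITH_MAPPING = WITHOUT_MAPPING + """\
  .example.com = IPA.EXAMPLE.COM
  example.com = IPA.EXAMPLE.COM
"""


def parse_domain_realm(conf_text):
    """Return the [domain_realm] entries of a krb5.conf as a dict."""
    entries, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
        elif section == "domain_realm" and "=" in line:
            key, realm = (part.strip() for part in line.split("=", 1))
            entries[key.lower()] = realm
    return entries


def realm_for_host(fqdn, conf_text):
    """Simplified lookup: exact host entry, then '.domain' entries from
    most to least specific, else the uppercased parent domain."""
    mapping = parse_domain_realm(conf_text)
    host = fqdn.lower().rstrip(".")
    if host in mapping:
        return mapping[host]
    labels = host.split(".")
    for i in range(1, len(labels)):
        suffix = "." + ".".join(labels[i:])
        if suffix in mapping:
            return mapping[suffix]
    return ".".join(labels[1:]).upper()
```

Without the extra entries the client falls back to EXAMPLE.COM for server1.example.com, a realm the IPA KDCs do not serve, so service tickets for that host cannot be located.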
