[Freeipa-users] Two kerberos realms for same domainname?
Dmitri Pal
dpal at redhat.com
Wed May 8 17:59:21 UTC 2013
On 05/08/2013 12:41 PM, Johnny Westerlund wrote:
> Hi all
>
> I'm planning on implementing an IPA server at a site where there is
> already a working Active Directory domain.
> I would still like the machines from AD and IPA to live in the same DNS
> domain.
>
> Example.
> AD Domainname = foo.bar
> AD KERBEROS realm = FOO.BAR
> a Host principal would look like: host/host1.foo.bar@FOO.BAR
>
> Now I would like to introduce the IPA server under a different realm
> name but for the same DNS name.
>
> IPA domainname = foo.bar
> IPA KERBEROS realm = LINUX.FOO.BAR (or whatever)
> a Host principal would look like: host/host2.foo.bar@LINUX.FOO.BAR
>
> So basically I would register the hostnames / PTR records in the
> Microsoft DNS and use the IPA kerberos REALM for authentication.
>
> Am I making any sense? Is this asking for a world of hurt?
Yes, this should be possible. Install it without DNS and point to AD DNS
during install. I do not recall the exact command line switches but it
should be clear from the ipa-server-install man page.
You would have to either add IPA server records to AD DNS or explicitly
configure clients to use static names for IPA servers. See
ipa-client-install --fixed-primary and --server switches in man pages.
--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
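
An added example, not part of the original message or of FreeIPA: with both realms sharing foo.bar, a client's krb5.conf [domain_realm] section has to map IPA hosts by name, since a domain-wide entry sends every host to one realm. The lookup order modelled here (exact host name first, then progressively shorter suffixes) is an assumption based on MIT krb5 behaviour; host3 and the inventory are constructed.

```python
# Added example: models the krb5.conf [domain_realm] lookup for one DNS domain
# shared by two realms. Realm names and host1/host2 come from the thread;
# host3 and the inventory are constructed for illustration.

def parse_domain_realm(text):
    """Parse the body of a [domain_realm] section into {key: realm}."""
    mapping = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue  # blank line, comment line, or not a key = value pair
        key, realm = (part.strip() for part in line.split("=", 1))
        mapping[key.lower()] = realm
    return mapping

def candidates(host):
    """Keys tried in order: the host name, then ever shorter suffixes."""
    p = host.lower().rstrip(".")
    while p:
        yield p
        if p.startswith("."):
            p = p[1:]              # ".foo.bar" -> "foo.bar"
        elif "." in p:
            p = p[p.index("."):]   # "host2.foo.bar" -> ".foo.bar"
        else:
            break

def realm_for(host, mapping):
    """Return the realm of the first matching entry, or None if none applies."""
    for key in candidates(host):
        if key in mapping:
            return mapping[key]
    return None

def missing_overrides(inventory, mapping):
    """Lines to add so every host resolves to the realm it is enrolled in."""
    return [f"{host} = {realm}" for host, realm in sorted(inventory.items())
            if realm_for(host, mapping) != realm]

BASE = "\n.foo.bar = FOO.BAR\n"    # whole DNS domain defaults to the AD realm
INVENTORY = {                      # constructed: realm each host is enrolled in
    "host1.foo.bar": "FOO.BAR",
    "host2.foo.bar": "LINUX.FOO.BAR",
    "host3.foo.bar": "LINUX.FOO.BAR",
}

if __name__ == "__main__":
    needed = missing_overrides(INVENTORY, parse_domain_realm(BASE))
    print("[domain_realm]" + BASE.rstrip() + "\n" + "\n".join(needed))
```

Every host later enrolled in the IPA realm needs its own line; a stale section will map such a host to FOO.BAR.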