[Freeipa-users] DNS configuration

Matthew Herzog matthew.herzog at gmail.com
Mon Dec 8 15:07:06 UTC 2014


My Linux/LDAP domain is lnx.e-bozo.com. The AD domain is ad.e-bozo.com.
This has always been the case. I set up my FreeIPA server in the
lnx.e-bozo.com domain using realm LNX.E-BOZO.COM. In light of this, how
should I proceed?

On Mon, Dec 8, 2014 at 9:48 AM, Simo Sorce <simo at redhat.com> wrote:

> On Mon, 08 Dec 2014 08:58:46 -0500
> Dmitri Pal <dpal at redhat.com> wrote:
>
> > > Perhaps I should have explained that we are not going to set up a
> > > new DNS domain for the ipa-managed servers.
>
> Note that if you cannot set up a new DNS domain and this domain is the
> same as the AD domain then you cannot do the stuff Dmitri describes
> below. The only way to have accounts on freeipa in this case is to use
> the winsync method, which has a number of limitations.
> Also clients will be rather confused when you try to
> ipa-client-install as they will find AD servers instead of ipa servers.
> Finally, you'll have to use a different realm name for the IPA domain,
> one that doesn't match the AD domain.
>
> HTH,
> Simo.
>
> > > We have an Oracle dsee7
> > > server doing LDAP for our Linux servers and accounts. We want to
> > > migrate to IPA so we don't have to maintain a Linux/LDAP account
> > > for every user who needs access to Linux servers. All of our users
> > > start with an account in AD and since none of my predecessors knew
> > > about Winbind, they set up dsee7.
> > >
> > > So I'm thinking we'll need to import all our dsee7 accounts AND
> > > make it possible for AD users to access the Linux systems without
> > > needing to create them in IPA.
> >
> >
> > So the approach would be:
> >
> > 1) Install IPA (do not migrate users)
> > 2) Establish trust with AD
> > 3) Start switching client configuration from using LDAP with dsee7 to
> > SSSD pointing to IPA
> >
> > You do not need to migrate users.
>
>
>
> --
> Simo Sorce * Red Hat, Inc * New York



-- 
If life gives you melons, you may be dyslexic.
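
Added example, not part of the original thread or of FreeIPA: an offline pre-flight check for the collision Simo describes (IPA DNS domain or realm matching the AD domain, and SRV records in the client's domain pointing at AD servers). The function names, the hostnames `ipa1.*` and `dc1.*`, and the SRV data are constructed for illustration.

```python
# Added example: offline pre-flight check for the DNS/realm collision in this thread.
# Hostnames ipa1.* and dc1.* and all SRV data below are constructed samples.

def norm(name):
    """Lower-case a DNS name and drop any trailing dot."""
    return name.strip().rstrip(".").lower()

def check_layout(ipa_domain, ipa_realm, ad_domain, srv_records, ad_dcs):
    """Return a list of problems; an empty list means a trust-based layout is possible.

    srv_records: SRV owner name -> target hostnames, as a resolver would return
                 them (passed in so the check needs no network access).
    ad_dcs:      hostnames of known AD domain controllers.
    """
    problems = []
    ipa_d, ad_d = norm(ipa_domain), norm(ad_domain)
    dcs = {norm(h) for h in ad_dcs}
    if ipa_d == ad_d:
        problems.append("IPA DNS domain equals the AD domain: winsync is the only option")
    if norm(ipa_realm) == ad_d:
        problems.append("IPA realm matches the AD domain: pick a different realm")
    # Client discovery follows SRV records in the client's DNS domain.
    for service in ("_ldap._tcp", "_kerberos._tcp"):
        owner = f"{service}.{ipa_d}"
        hits = sorted(norm(t) for t in srv_records.get(owner, []) if norm(t) in dcs)
        if hits:
            problems.append(f"{owner} resolves to AD servers: {', '.join(hits)}")
    return problems

AD_DCS = ["dc1.ad.e-bozo.com"]
# The poster's layout: separate DNS domain and realm for IPA.
SEPARATE_SRV = {
    "_ldap._tcp.lnx.e-bozo.com": ["ipa1.lnx.e-bozo.com."],
    "_kerberos._tcp.lnx.e-bozo.com": ["ipa1.lnx.e-bozo.com."],
}
# The layout Simo warns about: IPA placed in the AD DNS domain.
SHARED_SRV = {
    "_ldap._tcp.ad.e-bozo.com": ["dc1.ad.e-bozo.com."],
    "_kerberos._tcp.ad.e-bozo.com": ["dc1.ad.e-bozo.com."],
}

if __name__ == "__main__":
    print(check_layout("lnx.e-bozo.com", "LNX.E-BOZO.COM", "ad.e-bozo.com", SEPARATE_SRV, AD_DCS))
    for p in check_layout("ad.e-bozo.com", "AD.E-BOZO.COM", "ad.e-bozo.com", SHARED_SRV, AD_DCS):
        print("PROBLEM:", p)
```

In a real environment the `srv_records` mapping would be filled from resolver answers for the client's DNS domain before running `ipa-client-install`.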