[Freeipa-users] Clients in multiple domains, any known issues?

Dmitri Pal dpal at redhat.com
Wed Dec 17 00:09:40 UTC 2014


On 12/16/2014 02:24 AM, Eivind Olsen wrote:
> Hello.
>
> I have so far been running IPA on RHEL6, with a single domain (and a
> matching realm). I now have a use-case where it looks like I'll need to
> set up a new IPA realm, with the IPA servers in one DNS domain and the IPA
> clients in multiple (2-4) other domains.
> The servers will be running RHEL6 or RHEL7 with the bundled IPA.
> The clients are running mainly RHEL5 and RHEL6, and have hostnames that
> don't exist in DNS.

So how would these hosts be resolved?
If you want them to be integrated with IPA using SSSD, they need to be
resolvable by the server, which would require some kind of DNS entry.

If you plan to use older tools on those clients like nss-pam-ldap, I do
not think there will be an issue, but then you lose a lot of the value of
IPA/SSSD.

> Are there any known issues with this type of setup? I know, it sounds a
> bit hairy, but apart from that? :)
>
> Regards
> Eivind Olsen
>
>


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.



