[Freeipa-users] Choosing the right way to create trust

Genadi Postrilko genadipost at gmail.com
Wed Feb 12 10:15:22 UTC 2014


What about adding an alias DNS record of hostname.ipa.zone.corp to all Linux
machines, so they will keep the old FQDN.
On Feb 12, 2014 10:49 AM, "Martin Kosek" <mkosek at redhat.com> wrote:

> On 02/11/2014 07:29 PM, Genadi Postrilko wrote:
> > I work in an environment where the AD is the DC of the Windows machines,
> > while the Linux machines (RHEL 5/6) are not centrally managed.
> > I would like to create an IPA server to manage the Linux machines while
> > creating a trust with AD.
> > The current situation is that all Windows and Linux machines are under the
> > .zone.corp domain.
> > From what I've read at
> > https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide.html,
> > I can create a trust when IPA is a subdomain of the AD domain or when the
> > domains are separate. I'm not sure which method I should take.
> > Can IPA be a DC inside the AD domain? Or should I create a subdomain for
> > Linux and then move all the Linux machines to the new domain (I hope not)?
> >
> > Any advice?
>
> The key here is that for IPA and AD to be able to work together in a trust,
> they need to be in separate domains with realms matching these domains. In
> your case, it seems to me that the following scenario would work best:
>
> * AD with domain zone.corp and realm ZONE.CORP
> * IPA with domain ipa.zone.corp and realm IPA.ZONE.CORP
>
> Ideally, IPA should have DNS installed and have the ipa.zone.corp delegated
> from the AD DNS (or other DNS you use).
>
> More info here:
> http://www.freeipa.org/page/Trusts
>
> Martin
>
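As an added example (not code from this thread or from the FreeIPA project), the following POSIX shell script checks the layout Martin recommends before any trust is attempted: two different domains, each Kerberos realm equal to its own domain name in upper case, and the ipa.zone.corp zone actually delegated from the AD DNS. The domain and realm names are the ones from the thread; the name servers ipa1/ipa2, dc1 and the `dig` answer fed to the delegation check are constructed for the example.

```sh
#!/bin/sh
# Added example, not code from this thread or from FreeIPA: sanity-check the
# layout Martin recommends (two distinct domains, each realm equal to its own
# domain name in upper case, the IPA subdomain delegated from the AD DNS).
# Domain names come from the thread; the server names and the dig output
# below are constructed for the example.

AD_DOMAIN=zone.corp
IPA_DOMAIN=ipa.zone.corp

# Kerberos realm for a DNS domain: the domain name in upper case.
realm_for() {
    printf '%s' "$1" | tr '[:lower:]' '[:upper:]'
}

# Succeeds only when $2 is a strict subdomain of $1 (ipa.zone.corp of zone.corp).
is_subdomain_of() {
    [ "$2" = "$1" ] && return 1
    case "$2" in
        *."$1") return 0 ;;
        *)      return 1 ;;
    esac
}

# Rejects the layout the original question asked about (IPA as a DC inside the
# AD domain): a trust needs two different domains, with each realm derived
# from its own domain.
check_trust_layout() {
    ad=$1; ipa=$2; ad_realm=$3; ipa_realm=$4
    [ "$ad" != "$ipa" ] \
        || { echo "IPA and AD must use different domains ($ad)" >&2; return 1; }
    [ "$(realm_for "$ad")" = "$ad_realm" ] \
        || { echo "AD realm should be $(realm_for "$ad"), not $ad_realm" >&2; return 1; }
    [ "$(realm_for "$ipa")" = "$ipa_realm" ] \
        || { echo "IPA realm should be $(realm_for "$ipa"), not $ipa_realm" >&2; return 1; }
    return 0
}

# Reads the output of 'dig +noall +answer NS <ipa-domain> @<ad-dns-server>' on
# stdin and succeeds when at least one NS record hands the zone to a name
# server that lives inside the IPA domain, i.e. the delegation is in place.
delegation_ok() {
    awk -v zone="$1" '
        $4 == "NS" && $1 == (zone ".") {
            sub(/\.$/, "", $5)                      # strip trailing dot
            n = length($5); z = length(zone)
            if (n > z && substr($5, n - z, 1) == "." && substr($5, n - z + 1) == zone)
                found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# Constructed dig answer for a delegated zone (server names are made up).
SAMPLE_DIG='ipa.zone.corp. 86400 IN NS ipa1.ipa.zone.corp.
ipa.zone.corp. 86400 IN NS ipa2.ipa.zone.corp.'

check_trust_layout "$AD_DOMAIN" "$IPA_DOMAIN" \
    "$(realm_for "$AD_DOMAIN")" "$(realm_for "$IPA_DOMAIN")" \
    && echo "layout ok: $AD_DOMAIN / $IPA_DOMAIN"
is_subdomain_of "$AD_DOMAIN" "$IPA_DOMAIN" \
    && echo "$IPA_DOMAIN is a subdomain of $AD_DOMAIN, so its NS records must be delegated"
printf '%s\n' "$SAMPLE_DIG" | delegation_ok "$IPA_DOMAIN" \
    && echo "delegation ok: $IPA_DOMAIN is served from inside the IPA domain"

# With the checks green, the corresponding FreeIPA steps are (values from this
# thread, run on the IPA server):
#   ipa-server-install --setup-dns --domain ipa.zone.corp --realm IPA.ZONE.CORP
#   ipa-adtrust-install
#   ipa trust-add --type=ad zone.corp --admin Administrator --password
```

On a live system, replace the constructed `SAMPLE_DIG` with the real answer, e.g. `dig +noall +answer NS ipa.zone.corp @<ad-dns-server> | delegation_ok ipa.zone.corp`, so the check is run against the AD DNS that is supposed to hold the delegation rather than against the IPA server itself.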