[Freeipa-users] Free IPA to Microsoft AD 2008R2 trust question

Jan Pazdziora jpazdziora at redhat.com
Tue Oct 13 07:36:24 UTC 2015


On Mon, Oct 12, 2015 at 08:13:29PM +0000, Andy Thompson wrote:
> 
> > The company I work for uses AD 2008R2 DC to resolve requests for
> > Unix/Linux servers in various environments, under one domain
> > example.com, with the Realm EXAMPLE.COM ?
> > 
> > Is it possible to use Freeipa 4.1.0, with an AD-Trust with only itself as a
> > name server and forwarding all DNS requests to the windows DC's and still
> > keep everything in the example.com domain without creating a child domain
> > like ipa.example.com ?
> > 
> > http://www.freeipa.org/page/Active_Directory_trust_setup
> > 
> > Add for RedHat 7, use hostnamectl set-hostname ipa.example.com
> > 
> > and
> > change the install IPA server command to
> > 
> > ipa-server-install -a mypassword1 -p mypassword2 --domain=example.com --realm=example.com --setup-dns --forwarder=AD_ipaddress
> 
> No.  The IPA domain has to be different than the AD domain.

However, if the concern is more about users not wanting to see the
ipa.example.com in servers' hostnames than the underlying technology,
CNAMEs pointing to that IPA-managed domain can be used to present
a flat structure to users:

	server.example.com -> server.ipa.example.com

-- 
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat



