[Freeipa-users] Some high level questions (DNS & CA)

Petr Spacek pspacek at redhat.com
Fri Mar 4 15:24:44 UTC 2016


On 3.3.2016 13:26, Martin Basti wrote:
> Hello,
> 
> comments inline
> 
> On 03.03.2016 13:11, Geselle Stijn wrote:
>>
>> Hello,
>>
>> We have a large Windows environment and around 50 RHEL servers (which will
>> grow to a few hundred in the future). Our goal is to be able to log in with
>> our AD credentials and have sudo centrally managed. To be able to manage
>> users and their access/permissions we are looking into IdM combined with a
>> unidirectional non-transitive AD-trust so our existing AD users can
>> authenticate on the RHEL servers.
>>
>> I have a few (high level) questions regarding the setup of IdM:
>>
>> 1) There is an integrated DNS component (BIND). Is this component required?
>> Because we would like to keep DNS managed by Windows (A and CNAME records).
>> I have seen that there’s a forward only policy, but what’s the point of
>> that? Can’t we just directly use the Windows DNS then instead of forwarding,
>> i.e. point the client’s nameservers to the Windows nameservers? I’m
>> obviously missing something crucial, sorry :)
>>
> The DNS subsystem is optional; you can use Windows DNS for IPA (manual
> configuration needed for each replica)

Today we released a new version of the docs, please see

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/ipa-linux-services.html#dns

for further details regarding DNS.

-- 
Petr^2 Spacek



