[Freeipa-users] IPA as subdomain, part of AD ?
Simo Sorce
simo at redhat.com
Mon May 16 17:59:34 UTC 2016
On Mon, 2016-05-16 at 17:00 +0100, lejeczek wrote:
> hi users/devel
>
> I'm trying to grasp the concepts - can IPA be plugged into AD domain,
> be part of it as a subdomain?
No, the only trust type we handle is a Forest level trust, so FreeIPA
needs to be its own forest in AD terms.
> I'm guessing it'd be quite common scenario, I see wiki describes
> opposite arrangement, but how##SELECTION_END## how to have IPA as
> ipa.activedir.local whereas activedir.local is top domain of an
> enterprise?
> Would this still be - setting cross-domain trust?
It would still create a trust between 2 different forests, it's just so
happen that one of them will be in a DNS subdomain.
For this to work, no other windows machine may have used the
ipa.activedir.local domain before.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-users
mailing list