[Freeipa-users] IPA as subdomain, part of AD ?
Petr Spacek
pspacek at redhat.com
Tue May 17 11:24:01 UTC 2016
On 16.5.2016 19:59, Simo Sorce wrote:
> On Mon, 2016-05-16 at 17:00 +0100, lejeczek wrote:
>> hi users/devel
>>
>> I'm trying to grasp the concepts - can IPA be plugged into AD domain,
>> be part of it as a subdomain?
>
> No, the only trust type we handle is a Forest level trust, so FreeIPA
> needs to be its own forest in AD terms.
>
>> I'm guessing it'd be quite common scenario, I see wiki describes
>> opposite arrangement, but how##SELECTION_END## how to have IPA as
>> ipa.activedir.local whereas activedir.local is top domain of an
>> enterprise?
>> Would this still be - setting cross-domain trust?
>
> It would still create a trust between 2 different forests, it's just so
> happen that one of them will be in a DNS subdomain.
>
> For this to work, no other windows machine may have used the
> ipa.activedir.local domain before.
Please see
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/trust-requirements.html
--
Petr^2 Spacek
More information about the Freeipa-users
mailing list