[Freeipa-users] Novice question: can client hostname be in a different DNS domain than the IPA service?
Chris Dagdigian
dag at sonsorol.org
Wed Oct 5 14:36:21 UTC 2016
Alexander Bokovoy wrote:
> You need to read this:
> http://www.freeipa.org/page/V4/IPA_Client_in_Active_Directory_DNS_domain
> to understand all limitations and problems.
>
> This is technical description. For higher level, see
> http://rhelblog.redhat.com/2016/07/13/i-really-cant-rename-my-hosts/
Thank you very much! Greatly appreciate the fast and useful responses on
this list -- the archive has been a huge help along with the RedHat IDM
documentation.
My primary use case is SSH login for users with credentials coming from
multiple AD Forests so it looks like I'm going down the path of "Option
3 – Use Indirect Integration with IdM" as referenced in the
http://rhelblog.redhat.com/2016/07/13/i-really-cant-rename-my-hosts/
blog posting -- seems like we lose quite a bit of Kerberos SSO features
but for now I'm OK with that. This is Free-IPA at the moment but will be
migrated to RHEL-IDM if successful.
Regards,
Chris
More information about the Freeipa-users
mailing list