[Freeipa-users] FreeIPA domains and sub-domains
Brian Candler
b.candler at pobox.com
Thu Oct 27 09:07:40 UTC 2016
On 27/10/2016 09:30, Alexander Bokovoy wrote:
> Yes, you can do that, there is no issue at all.

Thank you for confirming that.

To the OP: in that case, I'd still recommend that you choose a distinct
Kerberos realm like IPA.YOURCOMPANY.COM, with associated primary domain
"ipa.yourcompany.com", and let FreeIPA manage that domain so that it
sets up all the right SRV records for auto-discovery. But you don't
need to put any hosts inside that DNS domain at all.

This gives you the flexibility to set up future Kerberos realms like
AD.YOURCOMPANY.COM if you deploy Active Directory or Samba4 later.

Regards,

Brian.