I'm wondering if anyone else has done something similar to us, and if so am
wondering how you went about it or if it is indeed at all possible.
Our situation is:
* We have a few VMs which are domain joined to "internal.local" which is an
Active Directory domain that we have no control over or administrative access
* We would like to install IPA on these VMs (replicated, with named for
DNS) with a separate domain called "dev.zone"
* Authentication to the VM itself via SSH should be carried out against
"internal.local" still – we will point our own services that we are going to
install like GitLab directly at the IPA server
* "dev.zone" will be set up as a conditional forwarder on the Active
Directory domain pointing at the IPA-installed named-pkcs11 service to do
resolution for this domain
My initial findings are that IPA installs fine but it changes some things in
* Adding in "dev.zone" realm
* Modifies the "default_realm" to be "dev.zone"
* Leaves the "[realm]" definition for "internal.local" but empties it of
the "kdc" and "admin_server" definitions
* Removes the Kerberos tickets for "internal.local" that were in "net ads
This ultimately results in IPA working fine but authentication to the server
via SSH no longer works as it's looking to "dev.zone" now.
Is it possible to achieve what we're wanting to do? Can these two things
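An added example, not part of the original message or of FreeIPA: a small check that reads a Kerberos client configuration and reports the changes listed in the post for a given login realm. It assumes MIT krb5.conf syntax; the sample text and the host name ipa1.dev.zone are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample of the state the post describes; host names are placeholders.
SAMPLE = """\
[libdefaults]
  default_realm = DEV.ZONE
[realms]
  DEV.ZONE = {
    kdc = ipa1.dev.zone:88
    admin_server = ipa1.dev.zone:749
  }
  INTERNAL.LOCAL = {
  }
"""

def parse_krb5(text):
    """Parse [libdefaults] and [realms]; assumes no nested blocks inside a realm."""
    section, realm, libdefaults, realms = None, None, {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if header := re.fullmatch(r"\[(\w+)\]", line):
            section, realm = header.group(1), None
        elif line == "}":
            realm = None
        elif section == "realms" and realm is None and line.endswith("{"):
            realm = line.split("=", 1)[0].strip()
            realms[realm] = {}
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if section == "libdefaults":
                libdefaults[key] = value
            elif realm is not None:
                realms[realm].setdefault(key, []).append(value)
    return libdefaults, realms

def check_login_realm(text, login_realm):
    """Return which of the changes listed in the post affect login_realm."""
    libdefaults, realms = parse_krb5(text)
    want, findings = login_realm.upper(), []
    default = libdefaults.get("default_realm", "")
    if default.upper() != want:
        findings.append(f"default_realm is {default or 'unset'}, not {want}")
    entry = {name.upper(): keys for name, keys in realms.items()}.get(want)
    if entry is None:
        findings.append(f"no [realms] entry for {want}")
    else:
        findings += [f"[realms] {want} has no {k}"
                     for k in ("kdc", "admin_server") if k not in entry]
    return findings
```

Running the check before and after an installer touches the file, and comparing the two result lists, shows exactly which settings for the login realm were lost.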
FreeIPA-users mailing list -- email@example.com