OK, I know that the AD-DC and the IDM servers need matching Kerberos realm and DNS domain names.

Let's say AD.FOO.BAR.URP / IDM.FOO.BAR.URP for Kerberos and ad.foo.bar.urp / idm.foo.bar.urp for DNS.

I am using 4 labels to parallel the environment for which this is intended.

The DNS domain for the environment is foo.bar.urp and there is currently no FOO.BAR.URP AD-DC, but we eventually expect one from "Upstream" and hope to make AD.FOO.BAR.URP a Kerberos sub-realm/domain of it.

AD.FOO.BAR.URP and ad.foo.bar.urp were created. IDM.FOO.BAR.URP and idm.foo.bar.urp will be created shortly and connected by a cross-forest trust. These, of course, will be sub-domains to AD.FOO.BAR.URP/ad.foo.bar.urp.

The confuzzlepation is about client domain names.

Do Linux clients need to use the idm.foo.bar.urp DNS domain or can they just use foo.bar.urp?

Same question for non-Linux clients -- ad.foo.bar.urp DNS domain or can they just use foo.bar.urp?

And does the lack of the "parent" Kerberos realm/domain FOO.BAR.URP complicate the matter?

Daniel E. White
[email protected]
NASCOM Linux Engineer
NASA Goddard Space Flight Center
Science Applications International Corporation (SAIC)
Office: (301) 286-6919
Mobile: (240) 513-5290
FreeIPA-users mailing list -- [email protected]
