> On Fri, 30 Apr 2021, iulian roman via FreeIPA-users wrote:
>
> Correct -- in any DNS domain owned by your IPA deployment.
>
> It is unfortunate that there is a confusion between AD domain and DNS
> domain terminology-wise. AD domain may "own" several DNS domains, as
> described in the AD domain topology, but it is not required to host DNS
> services for those, in general. For the purpose of trust to Active
> Directory, IPA deployment represents a separate AD forest with at least
> one DNS domain owned by the forest root of IPA (=ipadev.example.local in
> your case). It may include many others but those DNS domains must not be
> overlapped with the DNS domains owned by a different AD forest,
> especially a trusted one.
>
> Who serves DNS domains over DNS protocol is irrelevant here.
>
> Please see [MS-ADOD] for more details and requirements.
>
>
> [MS-ADOD]
> https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adod/c3b2...

Thank you, Alexander. I have moved the IPA servers into ipadev.example.local. I now have to figure out how I can SSO between non-IPA clients which are in the DNS domain .example.local (for example, PuTTY from Windows machines in .example.local to Linux IPA clients).
