On Wed, 2011-08-03 at 10:22 +0200, Ondrej Valousek wrote:
> Hi List,
> I have some questions regarding IPA:
> 1. On the IPA client side, which daemon is looking after machine
> Kerberos host/ principal renewal?
Keytabs are random secrets and do not need to expire, as cracking them is
considered a problem out of current computational reach, unlike user
passwords, which use a much smaller set of values and are less random in
> 2. If I installed Samba4 on the IPA server, what would happen? Is
> it possible? Would I get 2xKDCs, 2xLDAP servers and 2x DNS
> server or is it possible for Samba4 to re-use the existing IPA
Nothing would work, as they would want to use the same ports (LDAP, KDC,
kpasswd ...). No, Samba4 cannot use FreeIPA's LDAP because Windows clients
want a perfect copy of AD's schema and DIT, so Samba4 has to use the
embedded LDAP and KDC.
> 3. Can I use the Adam's LDAP plugin for BIND to deploy a DNS
> server with Active Directory integrated zone running on Linux?
The bind-dyndb-ldap plugin can be used to store any kind of data. And it
properly allows BIND to set records on DNS updates. So yes, you can, but
you may want to use a tool to make it easier to modify LDAP records
Simo Sorce * Red Hat, Inc * New York