Subnet? IP addressing will not matter, it's DNS as the main issue, for me 
anyway. I can't see IP / subnets matter?

So, yes, if you have AD as the same realm as IPA then only one will work well; 
from what I can read, IPA has to have its neat auto-discovery/balancing 
features turned off, or at least hobbled.

So, as an example, I have vuw.ac.nz as the AD DNS domain / Kerberos realm and 
then unix.vuw.ac.nz as the sub-domain / sub Kerberos realm, with AD delegating 
DNS to the IPA servers. This way the unix domain is "independent but 

e.g. I find the auto-discovery is working fine...

So Windows clients talk to AD directly, Linux clients talk to IPA directly; if 
the Linux clients need to DNS, the IPA servers get that for them from AD.....

I have some Visio diagrams of how I have done it if you want them....it may not 
be the best way? But with so little architecture info available it's all I have.


Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on 
behalf of Brian Cook [bc...@redhat.com]
Sent: Friday, 24 February 2012 9:59 a.m.
To: freeipa-users@redhat.com
Subject: [Freeipa-users] need info on AD / IPA coexistence

I have heard that we currently have problems with IPA and AD existing on the 
same subnet, possibly only when using AD as DNS servers, possibly even when the 
realm names are different.  I have not been able to find good concrete 
information or BZ's regarding this.  I am looking for clarification as to what 
problems exist, why, is it a bug or just a fact, is it our bug or is it an 
MS-AD issue, etc.  I need to understand what is going on as I have customers 
who are looking to deploy mixed IPA / AD environments.  Any help or information 
would be appreciated.


Brian Cook
Solutions Architect, West Region
Red Hat, Inc.
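
The DNS layout described in the reply above (AD serving the parent domain, a delegated sub-domain served by IPA), as an added example that is not part of the original thread: a simplified model of SRV-based Kerberos discovery run over constructed records, contrasting a shared DNS domain with a delegated one. The example.com names, host names and both helper functions are assumptions for illustration.

```python
# Added illustration; domains, hosts and helper names are assumptions,
# and the record sets below are constructed sample data.

def discover_kdcs(client_fqdn, srv_records):
    """Simplified model of DNS-based Kerberos discovery: walk up from the
    client's own DNS domain and return (realm, KDC hosts) for the first
    domain that publishes _kerberos._udp SRV records."""
    labels = client_fqdn.rstrip(".").lower().split(".")[1:]  # drop host label
    while len(labels) >= 2:
        domain = ".".join(labels)
        kdcs = srv_records.get("_kerberos._udp." + domain)
        if kdcs:
            return domain.upper(), sorted(kdcs)
        labels = labels[1:]  # try the parent domain
    return None, []

AD_DCS = ["dc1.example.com", "dc2.example.com"]
IPA_SERVERS = ["ipa1.unix.example.com", "ipa2.unix.example.com"]

# Layout A: AD and IPA share one DNS domain served by AD, so the only
# SRV records a client can find are the ones AD registered.
SHARED = {"_kerberos._udp.example.com": AD_DCS}

# Layout B: AD delegates unix.example.com to the IPA servers, which
# publish their own SRV records inside the delegated zone.
DELEGATED = {
    "_kerberos._udp.example.com": AD_DCS,
    "_kerberos._udp.unix.example.com": IPA_SERVERS,
}

def lands_on_ipa(client_fqdn, srv_records):
    """True when every discovered KDC is an IPA server."""
    _, kdcs = discover_kdcs(client_fqdn, srv_records)
    return bool(kdcs) and set(kdcs) <= set(IPA_SERVERS)

if __name__ == "__main__":
    for name, zone in (("shared", SHARED), ("delegated", DELEGATED)):
        for host in ("linux1.example.com", "linux1.unix.example.com",
                     "win1.example.com"):
            print(name, host, discover_kdcs(host, zone))
```

In the shared layout every client resolves to the AD domain controllers; in the delegated layout the Linux host in the sub-domain resolves to the IPA servers while the Windows host still resolves to AD.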
