I would not expect that there would be any problem with AD and IPA coexisting 
when the realm names are different, but I have heard reports that there are 
problems, especially when Linux clients are configured to use AD for DNS.  
Trying to figure out what the problem is.  I understand your delegated DNS 
setup.  What if the customer must use AD for all DNS?  


On Feb 23, 2012, at 3:28 PM, Steven Jones <steven.jo...@vuw.ac.nz> wrote:

> Hi,
> Subnet? IP addressing will not matter; it's DNS as the main issue, for me 
> anyway. I can't see IP / subnets matter?
> So, yes if you have AD as the same realm as IPA then only one will work well 
> from what I can read, IPA has to have its neat auto-discovery/balancing 
> features turned off, or at least hobbled.
> So, as an example I have vuw.ac.nz as the AD DNS domain / Kerberos realm and 
> then unix.vuw.ac.nz as the sub-domain / sub Kerberos realm, with AD delegating 
> DNS to the IPA servers. This way the unix domain is "independent but 
> referenced"...
> eg I find the auto-discovery is working fine...
> So Windows clients talk to AD directly, Linux clients talk to IPA directly, 
> if the Linux clients need to DNS the IPA servers get that for them from 
> AD.....
> I have some Visio diagrams of how I have done it if you want them....it may 
> not be the best way? but with so little architecture info available it's all I 
> have.
> regards
> Steven Jones
> Technical Specialist - Linux RHCE
> Victoria University, Wellington, NZ
> 0064 4 463 6272
> ________________________________
> From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on 
> behalf of Brian Cook [bc...@redhat.com]
> Sent: Friday, 24 February 2012 9:59 a.m.
> To: freeipa-users@redhat.com
> Subject: [Freeipa-users] need info on AD / IPA coexistence
> I have heard that we currently have problems with IPA and AD existing on the 
> same subnet, possibly only when using AD as DNS servers, possibly even when 
> the realm names are different.  I have not been able to find good concrete 
> information or BZ's regarding this.  I am looking for clarification as to 
> what problems exist, why, is it a bug or just a fact, is it our bug or is it 
> a MS-AD issue, etc.  I need to understand what is going on as I have 
> customers who are looking to deploy mixed IPA / AD environments.  Any help or 
> information would be appreciated.
> Thanks,
> Brian
> ---
> Brian Cook
> Solutions Architect, West Region
> Red Hat, Inc.
> 407-212-7079
> bc...@redhat.com
