but Im getting hammered by my management for instant answers.......they asked 
last night and expect an answer this morning.....and I'm expected to catch up 
and deploy several important solutions/projects all hinging on IPA   ASAP.......

2.2 isnt in RHEL6.3 though?

Anyway I will leave it longer, but Qs seem to drop off the list pretty 


Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

From: Rob Crittenden [rcrit...@redhat.com]
Sent: Thursday, 21 June 2012 8:31 a.m.
To: Steven Jones
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Do clients have to be in teh same DNS zone / FQDN 
as the IPA servers / Kerberos Realm?

Steven Jones wrote:
> I assume with no reply, now one knows?

That's not really fair, it hasn't even been 24 hours.

> My IPA servers are say  ipa1 and 2.ipa.example.com
> I have existing linux servers that I would rather not change the FQDN on, say 
> server1.example.com Do I actually have to make the client 
> server1.ipa.example.com or can I leave it as is at server1.example.com? Would 
> that give any IPA problems? or is it just poor practice?

Yes, you should be able to enroll server1.example.com into the
ipa.example.com realm. You'll need a v2.2+ client for this to work. A
patch was added (contributed by a user, actually) that will add a domain
mapping to krb5.conf so this should work.


Freeipa-users mailing list

Reply via email to