On Tue, Aug 7, 2012 at 7:03 PM, KodaK <sako...@gmail.com> wrote:
> It's hard to tell with the obfuscation, but is your DOMAIN the same as
> the one handled by the domain controller vm-mapsdc2?

Indeed, it is....

> You can only have one Kerberos realm named DOMAIN.

How do they know about each other?

> For example, if you have the windows domain/Kerb realm MYCOMPANY.COM,
> you will not be able to have it coexist with an IPA server controlling
> the realm MYCOMPANY.COM.

That's quite unfortunate.  How can I work around this?  Can I create
the realm BLAH.MYCOMPANY.COM or maybe even NOTMYCOMPANY.COM without a
DNS domain to match, or will I need to interface with the DNS admins?
Is there a good document that describes the nature of these realms and
their relation to DNS?

> If it's an oldschool NT type domain you should be OK, but if it's
> Active Directory (which uses Kerberos) you can't do it.

It's an Active Directory domain.


Freeipa-users mailing list

Reply via email to