On Tue, Aug 7, 2012 at 7:03 PM, KodaK <sako...@gmail.com> wrote: > It's hard to tell with the obfuscation, but is your DOMAIN the same as > the one handled by the domain controller vm-mapsdc2?
Indeed, it is.... > You can only have one Kerberos realm named DOMAIN. How do they know about each other? > For example, if you have the windows domain/Kerb realm MYCOMPANY.COM, > you will not be able to have it coexist with an IPA server controlling > the realm MYCOMPANY.COM. That's quite unfortunate. How can I work around this? Can I create the realm BLAH.MYCOMPANY.COM or maybe even NOTMYCOMPANY.COM without a DNS domain to match, or will I need to interface with the DNS admins? Is there a good document that describes the nature of these realms and their relation to DNS? > If it's an oldschool NT type domain you should be OK, but if it's > Active Directory (which uses Kerberos) you can't do it. It's an Active Directory domain. Rob _______________________________________________ Freeipa-users mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-users