On Wed, 2012-08-08 at 11:23 -0700, Rob Ogilvie wrote:
> So here's my plan, then... let me know if it seems like it'll make sense?
> -I'm going to uninstall everything IPA from the IPA server
> (ovm-auth.mycompany.com) after I unregister the client machines.
> -I'm going to set up the IPA server with a new realm;
> UNIX.MYCOMPANY.COM (do I need to have our DNS folks put an SRV record
> up there for that?  If so, what?)

If your DNS people want to manually mange DNS for you then they need to
create the unix.mydomain.com zone and manually create SRV and TXT
records for kerberos and ldap IPA servers.

If they want to avoid having to manage DNS for you they can delegate the
subdomain to you and you can install DNS integration in IPA so critical
DNS record are automatically managed for you.

For tests you can also just use the FreeIPA intyegrate DNS server and
create your own DNS server there the forwards to your official DNS
servers for any query out of unix.mydomain.com (you point it to your
current DNS server when install ask for forwarders).
If you do this you will have to point your IPA clients to your IPA
server for DNS. And unless you get a zone delegation only machine
spointing directly at your server in their resolv.conf will be able to
see the unix.mydomain.com zone.

> -I'm going to try registering testserver.mycompany.com server as part
> of the UNIX.MYCOMPANY.COM realm.
> Sound reasonable and/or sane?  :-)

for the ipa server it should be in the unix.mydomain.com DNS zone to be


Simo Sorce * Red Hat, Inc * New York

Freeipa-users mailing list

Reply via email to