On Wed, 2012-08-08 at 11:23 -0700, Rob Ogilvie wrote:
> So here's my plan, then... let me know if it seems like it'll make sense?
>
> -I'm going to uninstall everything IPA from the IPA server
> (ovm-auth.mycompany.com) after I unregister the client machines.
>
> -I'm going to set up the IPA server with a new realm;
> UNIX.MYCOMPANY.COM (do I need to have our DNS folks put an SRV record
> up there for that? If so, what?)

If your DNS people want to manually manage DNS for you then they need to
create the unix.mydomain.com zone and manually create SRV and TXT
records for kerberos and ldap IPA servers.

If they want to avoid having to manage DNS for you they can delegate the
subdomain to you and you can install DNS integration in IPA so critical
DNS records are automatically managed for you.

For tests you can also just use the FreeIPA integrated DNS server and
create your own DNS server there that forwards to your official DNS
servers for any query out of unix.mydomain.com (you point it to your
current DNS server when install asks for forwarders).
If you do this you will have to point your IPA clients to your IPA
server for DNS. And unless you get a zone delegation only machines
pointing directly at your server in their resolv.conf will be able to
see the unix.mydomain.com zone.

> -I'm going to try registering testserver.mycompany.com server as part
> of the UNIX.MYCOMPANY.COM realm.
>
> Sound reasonable and/or sane? :-)

For the ipa server it should be in the unix.mydomain.com DNS zone to be
useful.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
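For the manually managed case described in the reply above, a zone fragment can be checked before clients are enrolled. This is an added example, not part of the original message or of FreeIPA: the expected record names and ports (88, 464, 389) are the conventional Kerberos and LDAP discovery set and are an assumption here, and the host name and sample zone are constructed.

```python
# Added example: audit a BIND-style zone fragment for Kerberos/LDAP discovery records.
# Assumption: conventional owner names and standard ports; not taken from the thread.
EXPECTED_SRV = {
    "_kerberos._udp": 88, "_kerberos._tcp": 88,
    "_kerberos-master._udp": 88, "_kerberos-master._tcp": 88,
    "_kpasswd._udp": 464, "_kpasswd._tcp": 464,
    "_ldap._tcp": 389,
}

# Constructed sample for the unix.mycompany.com zone; the host name is hypothetical.
# It carries three defects: lower-case realm, no _kpasswd._tcp, unqualified LDAP target.
SAMPLE_ZONE = """\
; constructed sample data
_kerberos              IN TXT "unix.mycompany.com"
_kerberos._udp         IN SRV 0 100 88  ovm-auth.unix.mycompany.com.
_kerberos._tcp         IN SRV 0 100 88  ovm-auth.unix.mycompany.com.
_kerberos-master._udp  IN SRV 0 100 88  ovm-auth.unix.mycompany.com.
_kerberos-master._tcp  IN SRV 0 100 88  ovm-auth.unix.mycompany.com.
_kpasswd._udp          IN SRV 0 100 464 ovm-auth.unix.mycompany.com.
_ldap._tcp             IN SRV 0 100 389 ovm-auth.unix.mycompany.com
"""

def parse_zone(text):
    """Return ({owner: [(port, target), ...]}, {owner: txt_value}) from zone text."""
    srv, txt = {}, {}
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()  # drop comments, tokenize
        if "SRV" in fields:
            i = fields.index("SRV")
            _prio, _weight, port, target = fields[i + 1:i + 5]
            srv.setdefault(fields[0], []).append((int(port), target))
        elif "TXT" in fields:
            i = fields.index("TXT")
            txt[fields[0]] = " ".join(fields[i + 1:]).strip('"')
    return srv, txt

def audit(text, realm):
    """List problems that would break realm or server discovery for `realm`."""
    srv, txt = parse_zone(text)
    problems = []
    if txt.get("_kerberos") != realm:  # realm names are case-sensitive
        problems.append(f"TXT _kerberos is {txt.get('_kerberos')!r}, expected {realm!r}")
    for name, port in EXPECTED_SRV.items():
        if name not in srv:
            problems.append(f"missing SRV {name}")
            continue
        for got_port, target in srv[name]:
            if got_port != port:
                problems.append(f"SRV {name} has port {got_port}, expected {port}")
            if not target.endswith("."):  # relative names get the zone appended
                problems.append(f"SRV {name} target {target} is not fully qualified")
    return problems

if __name__ == "__main__":
    for problem in audit(SAMPLE_ZONE, "UNIX.MYCOMPANY.COM"):
        print(problem)
```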