On 05/08/2013 12:41 PM, Johnny Westerlund wrote:
> Hi all
> I'm planning on implementing an IPA server at a site where there is
> already a working Active Directory domain.
> I would still like the machines from AD and IPA to live in the same DNS
> AD Domainname = foo.bar
> AD KERBEROS realm = FOO.BAR
> a Host principal would look like: host/host1.foo....@foo.bar
> Now I would like to introduce the IPA server under a different realm
> name but for the same DNS name.
> IPA domainname = foo.bar
> IPA KERBEROS realm = LINUX.FOO.BAR (or whatever)
> a Host principal would look like: host/host2.foo....@linux.foo.bar
> So basically I would register the hostnames / PTR records in the
> Microsoft DNS and use the IPA Kerberos realm for authentication.
> Am I making any sense? Is this asking for a world of hurt?
Yes, this should be possible. Install it without DNS and point to AD DNS
during install. I do not recall the exact command line switches but it
should be clear from the ipa-server-install man page.
You would have to either add IPA server records to AD DNS or explicitly
configure clients to use static names for IPA servers. See
ipa-client-install --fixed-primary and --server switches in the man pages.
> Freeipa-users mailing list
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
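
An added illustration, not part of the original thread and not a file generated by FreeIPA: a client `/etc/krb5.conf` that names the IPA server statically for the realm from the question instead of relying on DNS discovery. The host names `ipa1.foo.bar` and `client1.foo.bar` are assumptions made for the example.

```ini
# /etc/krb5.conf on an IPA-enrolled client (constructed example)
[libdefaults]
  default_realm = LINUX.FOO.BAR
  # Use the static entries below rather than DNS discovery
  dns_lookup_realm = false
  dns_lookup_kdc = false

[realms]
  LINUX.FOO.BAR = {
    # ipa1.foo.bar is a hypothetical IPA server; its A/PTR records live in AD DNS
    kdc = ipa1.foo.bar:88
    master_kdc = ipa1.foo.bar:88
    admin_server = ipa1.foo.bar:749
  }

[domain_realm]
  # Map only the IPA-enrolled hosts to the IPA realm (hypothetical names).
  # The realm name LINUX.FOO.BAR cannot be derived from the DNS domain foo.bar.
  ipa1.foo.bar = LINUX.FOO.BAR
  client1.foo.bar = LINUX.FOO.BAR
```

With DNS lookups disabled, a client resolves the realm and KDC for these hosts from this file alone, so every additional IPA server or enrolled host that needs a mapping has to be added by hand.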