On Sun, 2013-12-29 at 10:33 +0000, Andrew Holway wrote:
> I am trying to work out how to organise some domain controllers. I
> understand that you can only have one domain controller per domain and
> one domain per domain controller.
> corp.com is controlled by a corporate active directory. We would like
> to create two linux subdomains controlled by freeipa however we don't
> (yet) require any trust between the corporate active directory and
> However as these are effectively two domains I believe each would
> require its own freeIPA server.
> Is it true that, in order to support these two subdomains we would
> have to put them under a 'master' subdomain to give them a common
> domain element?
No it is not necessary to have 2 different domains, unlike Active
Directory, FreeIPA can manage clients in multiple DNS domains within a
single REALM. It requires a bit of caution in setting up FreeIPA, and in
some cases some configuration in older clients to associate the REALM to
the DNS name, but it is possible to have a single domain serve multiple
Also it is not true you can have only one Domain Controlle rper Domain,
you can have multiple DCs per Domain that replicate data between them.
FreeIPA in particular supports only multi-master configurations.
Simo Sorce * Red Hat, Inc * New York
Freeipa-users mailing list