On Tue, Feb 11, 2014 at 08:29:43PM +0200, Genadi Postrilko wrote:
> I work in an environment where the AD is the DC of the Windows machines,
> while the Linux machines (RHEL 5\6) are not centrally managed.
> I would like to create an IPA server to manage the Linux machines while
> creating a trust with AD.
> The current situation is all Windows and Linux machines are under
> .zone.corp domain.
> From what I've read at
> https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide.html,
> I can create a trust when IPA is a subdomain of the AD domain or when the
> domains are separate. I'm not sure what is the method I should approach.
> Can IPA be a DC inside the AD domain? Or should I create a subdomain for
> Linux and then move all the Linux machines to the new domain (I hope not).

I'm afraid you have to move the Linux machines to a separate domain when you want to use trust. The reason is that Kerberos depends heavily on DNS and e.g. uses the fully qualified host names and DNS SRV records to determine membership in a realm and the KDCs in a realm.

HTH

bye,
Sumit

>
> Any advice?
> _______________________________________________
> Freeipa-users mailing list
> Freeipaemail@example.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
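
The DNS dependency described in the reply above, as an added example that is not part of the original thread: a simplified Python model of the host-to-realm lookup that MIT krb5 documents for its `[domain_realm]` section (exact host entry, then parent domains, then the upper-cased DNS domain) and of the `_kerberos._udp` SRV name used to find a realm's KDCs. All host names, domains and realms are constructed placeholders (`corp.example` stands in for the AD domain), and referrals are deliberately left out.

```python
# Simplified model, not krb5 library code. All names below are constructed.
AD_REALM = "CORP.EXAMPLE"          # assumed AD realm / DNS domain
IPA_REALM = "LINUX.CORP.EXAMPLE"   # assumed IPA realm in its own subdomain


def host_to_realm(fqdn, domain_realm):
    """Map a host name to a realm the way a [domain_realm] lookup would."""
    host = fqdn.lower().rstrip(".")
    # 1. An exact host entry wins.
    if host in domain_realm:
        return domain_realm[host]
    # 2. Otherwise try parent domains, most specific first (".a.b", then ".b").
    labels = host.split(".")
    for i in range(1, len(labels)):
        key = "." + ".".join(labels[i:])
        if key in domain_realm:
            return domain_realm[key]
    # 3. No entry at all: fall back to the host's DNS domain, upper-cased.
    return ".".join(labels[1:]).upper()


def kdc_srv_name(realm):
    """DNS SRV name a client queries to discover the KDCs of a realm."""
    return "_kerberos._udp." + realm.lower()


def misrouted(hosts, wanted_realm, domain_realm):
    """Hosts whose name maps to a realm other than the one they belong to."""
    return [h for h in hosts if host_to_realm(h, domain_realm) != wanted_realm]


# Layout 1: Linux hosts keep names inside the AD DNS domain.
SHARED = ["web1.corp.example", "db1.corp.example"]
# Layout 2: Linux hosts are renamed into a dedicated subdomain.
MOVED = ["web1.linux.corp.example", "db1.linux.corp.example"]

if __name__ == "__main__":
    # Every shared-domain host is treated as an AD realm member.
    print("shared domain, misrouted:", misrouted(SHARED, IPA_REALM, {}))
    # Hosts in the subdomain map to the IPA realm with no per-host entries.
    print("own subdomain, misrouted:", misrouted(MOVED, IPA_REALM, {}))
    # Each realm gets its own SRV name only when the DNS domains differ.
    print(kdc_srv_name(AD_REALM), kdc_srv_name(IPA_REALM))
```
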