What about adding an alias DNS record of hostname.ipa.zone.corp to all Linux machines, so they will keep the old FQDN?

On Feb 12, 2014 10:49 AM, "Martin Kosek" <[email protected]> wrote:
> On 02/11/2014 07:29 PM, Genadi Postrilko wrote:
> > I work in an environment where the AD is the DC of the Windows machines,
> > while the Linux machines (RHEL 5\6) are not centrally managed.
> > I would like to create an IPA server to manage the Linux machines while
> > creating a trust with AD.
> > The current situation is all Windows and Linux machines are under
> > .zone.corp domain.
> > From what I've read at
> > https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide.html,
> > I can create a trust when IPA is a subdomain of the AD domain or when the
> > domains are separate. I'm not sure what is the method I should approach.
> > Can IPA be a DC inside the AD domain? Or should I create a subdomain for
> > Linux and then move all the Linux machines to the new domain (I hope not).
> >
> > Any advice?
>
> The key here is that for IPA and AD to be able to work together in a trust,
> they need to be in separate domains with realms matching these domains. In your
> case, it seems to me that the following scenario would work the best:
>
> * AD with domain zone.corp and realm ZONE.CORP
> * IPA with domain ipa.zone.corp and realm IPA.ZONE.CORP
>
> Ideally, IPA should have DNS installed and have the ipa.zone.corp delegated
> from the AD DNS (or other DNS you use).
>
> More info here:
> http://www.freeipa.org/page/Trusts
>
> Martin
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
