My Linux/LDAP domain is lnx.e-bozo.com. The AD domain is ad.e-bozo.com.
This has always been the case. I set up my FreeIPA server in the
lnx.e-bozo.com domain using realm LNX.E-BOZO.COM. In light of this, how
should I proceed?
On Mon, Dec 8, 2014 at 9:48 AM, Simo Sorce <s...@redhat.com> wrote:
> On Mon, 08 Dec 2014 08:58:46 -0500
> Dmitri Pal <d...@redhat.com> wrote:
> > > Perhaps I should have explained that we are not going to set up a
> > > new DNS domain for the ipa-managed servers.
> Note that if you cannot set up a new DNS domain and this domain is the
> same as the AD domain then you cannot to the stuff Dmitri describe
> below. The only way to have accounts on freeipa in this case is to use
> the winsync method, which has a number of limitation.
> Also clients will be rather confused when you try to
> ipa-client-install as they will find AD servers instead of ipa servers,
> finally you'll have to use a different realm name for the IPA domain,
> one that doesn't match the AD domain.
> > > We have an Oracle dsee7
> > > server doing LDAP for our Linux servers and accounts. We want to
> > > migrate to IPA so we don't have to maintain a Linux/LDAP account
> > > for every user who needs access to Linux servers. All of our users
> > > start with an account in AD and since none of my predecessors knew
> > > about Winbind, they set up dsee7.
> > >
> > > So I'm thinking we'll need to import all our dsee7 accounts AND
> > > make it possible for AD users to access the Linux systems without
> > > needing to create them in IPA.
> > So the approach would be:
> > 1) Install IPA (do not migrate users)
> > 2) Establish trust with AD
> > 3) Start switching client configuration from using LDAP with dsee7 to
> > SSSD pointing to IPA
> > You do not need to migrate users.
> Simo Sorce * Red Hat, Inc * New York
> Manage your subscription for the Freeipa-users mailing list:
> Go To http://freeipa.org for more info on the project
If life gives you melons, you may be dyslexic.
Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project