On 12/16/2014 02:24 AM, Eivind Olsen wrote:

I have so far been running IPA on RHEL6, with a single domain (and a
matching realm). I now have a use-case where it looks like I'll need to
set up a new IPA realm, with the IPA servers in one DNS domain and the IPA
clients in multiple (2-4) other domains.
The servers will be running RHEL6 or RHEL7 with the bundled IPA.
The clients are running mainly RHEL5 and RHEL6, and have hostnames that
don't exist in DNS.

So how would be these hosts resolved?
If you want them to be integrated with IPA using SSSD they need to be resolvable by the server which would require some kind of DNS entry.

If you plan to use older tools on those clients like nss-pam-ldap I do not think there will be an issue but then you loose a lot of value of IPA/SSSD.

Are there any known issues with this type of setup? I know, it sounds a
bit hairy, but apart from that? :)

Eivind Olsen

Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to