Joshua or Erinn, can either of you please help us improve the docs and file a bug for the Windows integration guide, about the section you are concerned with?
This is a direct link: https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20Enterprise%20Linux%207&component=doc-Windows_Integration_Guide

Thank you!
Martin

On 03/16/2015 09:56 PM, Gould, Joshua wrote:
> FWIW, we have IPA working with AD managed DNS. As Alexander mentioned,
> you'll need to have DNS properly configured. What I've found is the most
> critical is having the SRV records properly defined for the AD domain and
> the IPA domains. I kind of wish the docs were a bit clearer on which of
> the SRV records were needed. Ex. They list ldap but I didn't see any
> mention of kerberos SRV records.
>
> On 3/16/15, 3:16 PM, "Erinn Looney-Triggs" <[email protected]>
> wrote:
>
>> On Monday, March 16, 2015 09:13:56 PM Alexander Bokovoy wrote:
>>> On Mon, 16 Mar 2015, Erinn Looney-Triggs wrote:
>>>> Reading through the RHEL 7.1 documents on setting up a trust between IPA
>>>> and AD I came across a note that IPA had to be managing DNS in order for
>>>> this to work. Why is this? Is there any way around this? At this point the
>>>> DNS IPA would manage is DNSSEC signed and as such can't be managed by IPA,
>>>> it must be managed separately.
>>>
>>> It is unfortunate that documentation turns recommendations into
>>> mandatory statements. IPA deployment depends heavily on properly
>>> configured DNS and we provide means to maintain DNS server with IPA
>>> tools. This, however, doesn't mean DNS is required to be maintained by
>>> IPA only. Instead, a properly maintained DNS setup is required, not that
>>> it is set up and controlled by IPA means.
>>>
>>> It is easier in many cases to use IPA-managed DNS but if you know what
>>> you are doing, all we ask is to have proper DNS entries in your DNS
>>> infrastructure prior to using IPA commands which require these entries
>>> to exist (or be created, had the DNS infrastructure been managed by
>>> IPA).
>>
>> Ok thanks, I sort of figured that was probably the case, but I wanted to
>> check to make sure.
>>
>> -Erinn
