On Mon, 12 Oct 2015, Andy Thompson wrote:

-----Original Message-----
From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-
boun...@redhat.com] On Behalf Of Hoffmaster, John
Sent: Monday, October 12, 2015 3:46 PM
To: freeipa-users@redhat.com
Subject: [Freeipa-users] Free IPA to Microsoft AD 2008R2 trust question


The company I work for  uses AD 2008R2 DC to resolve requests for
Unix/Linux servers in various environments, under one domain
example.com, with the Realm EXAMPLE.COM ?

Is it possible to use Freeipa 4.1.0, with an g AD-Trust with only itself as a
name server and forwarding all DNS requests to the windows DC's and still
keep everything in the example.com domain without creating a child domain
like  ipa.example.com ?


Add for RedHat 7, use hostnamectl set-hostname ipa.example.com

change the install IPA server  command to

ipa-server-install -a mypassword1 -p mypassword2 --domain=example.com -
-realm=example.com --setup-dns --forwarder=AD_ipaddress


No.  The IPA domain has to be different than the AD domain.
This is true for any two separate Active Directory forests, and as IPA
represents itself as a separate AD forest for the trust relationship, it
is forced to follow Active Directory requirements.

/ Alexander Bokovoy

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to