On Mon, 12 Oct 2015, Andy Thompson wrote:
From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-
boun...@redhat.com] On Behalf Of Hoffmaster, John
Sent: Monday, October 12, 2015 3:46 PM
Subject: [Freeipa-users] Free IPA to Microsoft AD 2008R2 trust question
The company I work for uses AD 2008R2 DC to resolve requests for
Unix/Linux servers in various environments, under one domain
example.com, with the Realm EXAMPLE.COM ?
Is it possible to use Freeipa 4.1.0, with an g AD-Trust with only itself as a
name server and forwarding all DNS requests to the windows DC's and still
keep everything in the example.com domain without creating a child domain
like ipa.example.com ?
Add for RedHat 7, use hostnamectl set-hostname ipa.example.com
change the install IPA server command to
ipa-server-install -a mypassword1 -p mypassword2 --domain=example.com -
-realm=example.com --setup-dns --forwarder=AD_ipaddress
No. The IPA domain has to be different than the AD domain.
This is true for any two separate Active Directory forests, and as IPA
represents itself as a separate AD forest for the trust relationship, it
is forced to follow Active Directory requirements.
/ Alexander Bokovoy
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project