We have a large Windows environment and around 50 RHEL servers (which will grow 
to a few hundred in the future). Our goal is to be able to log in with our AD 
credentials and have sudo centrally managed. To be able to manage users and 
their access/permissions we are looking into IdM combined with a unidirectional 
non-transitive AD-trust so our existing AD users can authenticate on the RHEL 

I have a few (high level) questions regarding the setup of IdM:

1) There is an integrated DNS component (BIND). Is this component 
required? Because we would like to keep DNS managed by Windows (A and CNAME 
records). I have seen that there's a forward-only policy, but what's the point 
of that? Can't we just directly use the Windows DNS then instead of forwarding, 
i.e. point the client's nameservers to the Windows nameservers? I'm obviously 
missing something crucial, sorry :)

2) A Certificate Authority will be installed as well. What's the function 
of this CA? Is it required? Can we do a CA-less setup? What are the limitations 
of a CA-less setup?

3) Is IPv6 a requirement or can it be disabled?

4) How could disaster recovery be implemented? Is it easy to back up and 

5) Is it correct that we can achieve high availability by setting up a 
replica IdM server and configuring the clients to use both servers?

Thank you if you can answer any (or maybe all, who knows!) of the questions 

