On 3.3.2016 13:26, Martin Basti wrote:
> Hello,
> comments inline
> On 03.03.2016 13:11, Geselle Stijn wrote:
>> Hello,
>> We have a large Windows environment and around 50 RHEL servers (which will
>> grow to a few hundred in the future). Our goal is to be able to login with
>> our AD credentials and have sudo centrally managed. To be able to manage
>> users and their access/permissions we are looking into IdM combined with a
>> unidirectional non-transitive AD-trust so our existing AD users can
>> authenticate on the RHEL servers.
>> I have a few (high level) questions regarding the setup of IdM:
>> 1)There is an integrated DNS component (BIND). Is this component required?
>> Because we would like to keep DNS managed by Windows (A and CNAME records).
>> I have seen that there’s a forward only policy, but what’s the point of
>> that? Can’t we just directly use the Windows DNS then instead of forwarding,
>> i.e. point the client’s nameservers to the Windows nameservers? I’m
>> obviously missing something crucial, sorry J
> DNS subsytem is optional, you can use windows DNS for IPA (manual
> configuration needed for each replica)

Today we released new version of docs, please see


for further details regarding DNS.

Petr^2 Spacek

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to