On 3.3.2016 13:26, Martin Basti wrote:
> Hello,
> 
> comments inline
> 
> On 03.03.2016 13:11, Geselle Stijn wrote:
>>
>> Hello,
>>
>> We have a large Windows environment and around 50 RHEL servers (which will
>> grow to a few hundred in the future). Our goal is to be able to login with
>> our AD credentials and have sudo centrally managed. To be able to manage
>> users and their access/permissions we are looking into IdM combined with a
>> unidirectional non-transitive AD-trust so our existing AD users can
>> authenticate on the RHEL servers.
>>
>> I have a few (high level) questions regarding the setup of IdM:
>>
>> 1)There is an integrated DNS component (BIND). Is this component required?
>> Because we would like to keep DNS managed by Windows (A and CNAME records).
>> I have seen that there’s a forward only policy, but what’s the point of
>> that? Can’t we just directly use the Windows DNS then instead of forwarding,
>> i.e. point the client’s nameservers to the Windows nameservers? I’m
>> obviously missing something crucial, sorry J
>>
> DNS subsytem is optional, you can use windows DNS for IPA (manual
> configuration needed for each replica)

Today we released new version of docs, please see

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/ipa-linux-services.html#dns

for further details regarding DNS.

-- 
Petr^2 Spacek

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to