Alexander Bokovoy wrote:
You need to read this:
http://www.freeipa.org/page/V4/IPA_Client_in_Active_Directory_DNS_domain
to understand all limitations and problems.
This is technical description. For higher level, see
http://rhelblog.redhat.com/2016/07/13/i-really-cant-rename-my-hosts/
Thank you very much! Greatly appreciate the fast and useful responses on
this list -- the archive has been a huge help along with the RedHat IDM
documentation.
My primary use case is SSH login for users with credentials coming from
multiple AD Forests so it looks like I'm going down the path of "Option
3 – Use Indirect Integration with IdM" as referenced in the
http://rhelblog.redhat.com/2016/07/13/i-really-cant-rename-my-hosts/
blog posting -- seems like we lose quite a bit of Kerberos SSO features
but for now I'm OK with that. This is Free-IPA at the moment but will be
migrated to RHEL-IDM if successful.
Regards,
Chris
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
