On 27/10/2016 09:30, Alexander Bokovoy wrote:
Yes, you can do that, there is no issue at all.
Thank you for confirming that.
To the OP: in that case, I'd still recommend that you choose a distinct
kerberos realm like IPA.YOURCOMPANY.COM, with associated primary domain
"ipa.yourcompany.com", and let FreeIPA manage that domain so that it
sets up all the right SRV records for auto-discovery. But you don't
need to put any hosts inside that DNS domain at all.
This gives you the flexibility to set up future Kerberos realms like
AD.YOURCOMPANY.COM if you deploy Active Directory or Samba4 later.
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project