If you run a Windows Domain and you also use BIND and MIT (or  
Heimdal) for DNS/Kerberos then you must have a strategy for  
preventing them from stepping on each other.  Can I ask people for  
thumbnails of how you-all do that?  What raw services are handled by  
which servers?  Are there "magic" settings on the clients that make  
it work?

Significant services (which may need duplication or conflict  
resolution between Unix and AD):

Forward DNS -- I suspect you serve separate DNS domains from BIND  
vice AD servers
Reverse DNS -- Which platform gets which IP numbers, i.e. do you mix  
or segregate them?
DHCP -- 1 or 2 DHCP services, provided by which?  Does DHCP care  
about platform?
DynDNS -- How is this integrated with DHCP (plus the above question).
Kerberos -- krb5.conf or DNS SRV?
Cross-realm -- Set up?  Server-side referrals implemented (outside  
the DC that is)?

Client configuration questions:

advertised DNS servers -- BIND, DC, mix, pre-configured or DHCP  
supplied?
cross-realm -- [domain_realm] section or DNS records maintained?

I'm just listing the things that I can think of.  Please tell me what  
I haven't thought of!

If you want to reply privately, I will try to summarize to the list.
------------------------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
[EMAIL PROTECTED], or [EMAIL PROTECTED]
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
