Re: [Freeipa-users] Choosing the right way to create trust

2014-02-12 Thread Petr Spacek
On 12.2.2014 21:49, Genadi Postrilko wrote: Client's local hostname must match the DNS A record? I would recommend you to try it and report results. We can't be sure what will happen (in Kerberos libraries and applications) until you try that. -- Petr^2 Spacek __

Re: [Freeipa-users] Choosing the right way to create trust

2014-02-12 Thread Genadi Postrilko
Client's local hostname must match the DNS A record? ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] Choosing the right way to create trust

2014-02-12 Thread Sumit Bose
On Wed, Feb 12, 2014 at 11:45:50AM +0100, Petr Spacek wrote: > On 12.2.2014 11:32, Alexander Bokovoy wrote: > >On Wed, 12 Feb 2014, Genadi Postrilko wrote: > >>What about adding alias DNS record of hostname.ipa.zone.corp to all linux > >>machines, so they will keep the old FQDM. > >What would it gi

Re: [Freeipa-users] Choosing the right way to create trust

2014-02-12 Thread Petr Spacek
On 12.2.2014 11:32, Alexander Bokovoy wrote: On Wed, 12 Feb 2014, Genadi Postrilko wrote: What about adding alias DNS record of hostname.ipa.zone.corp to all linux machines, so they will keep the old FQDM. What would it give to you? AD DC uses FQDN to decide which KDC is responsible to issue T

Re: [Freeipa-users] Choosing the right way to create trust

2014-02-12 Thread Alexander Bokovoy
On Wed, 12 Feb 2014, Genadi Postrilko wrote: What about adding alias DNS record of hostname.ipa.zone.corp to all linux machines, so they will keep the old FQDM. What would it give to you? AD DC uses FQDN to decide which KDC is responsible to issue TGT (and other tickets). If it belongs to its o

Re: [Freeipa-users] Choosing the right way to create trust

2014-02-12 Thread Genadi Postrilko
What about adding alias DNS record of hostname.ipa.zone.corp to all linux machines, so they will keep the old FQDM. On Feb 12, 2014 10:49 AM, "Martin Kosek" wrote: > On 02/11/2014 07:29 PM, Genadi Postrilko wrote: > > I work in environment where the AD is the DC of the windows machines , > > whil

Re: [Freeipa-users] Choosing the right way to create trust

2014-02-12 Thread Martin Kosek
On 02/11/2014 07:29 PM, Genadi Postrilko wrote: > I work in environment where the AD is the DC of the windows machines , > while the linux machines (RHEL 5\6) are not centrally managed. > I would like to create an IPA server to manage the linux machines while > creating a trust with AD. > The curre

Re: [Freeipa-users] Choosing the right way to create trust

2014-02-12 Thread Sumit Bose
On Tue, Feb 11, 2014 at 08:29:43PM +0200, Genadi Postrilko wrote: > I work in environment where the AD is the DC of the windows machines , > while the linux machines (RHEL 5\6) are not centrally managed. > I would like to create an IPA server to manage the linux machines while > creating a trust wi

[Freeipa-users] Choosing the right way to create trust

2014-02-11 Thread Genadi Postrilko
I work in environment where the AD is the DC of the windows machines , while the linux machines (RHEL 5\6) are not centrally managed. I would like to create an IPA server to manage the linux machines while creating a trust with AD. The current situation is all windows and linux machines are under .