Hello,
I am in the middle of a project converting from OpenLDAP to FreeIPA.
The issue currently I am having is that I want to make this a
smooth transition for our development team who utilize OpenLDAP. The best
way I could do this would be to create an alias to the
cn=users,cn=accounts,dc=my
Hi all
I'm planning on implementing an IPA server at a site where there is already a
working Active Directory domain.
I would still like the machines from AD and IPA to live in the same DNS domain.
Example.
AD Domainname = foo.bar
AD KERBEROS realm = FOO.BAR
a Host principal would look like: host/host
On 05/08/2013 08:22 AM, bwellsnc wrote:
> Hello,
> I am in the middle of a project converting from OpenLDAP to
> FreeIPA. The issue currently I am having is that I want to make this
> a smooth transition for our development team who utilize OpenLDAP.
> The best way I could do this would be to
On 05/08/2013 12:41 PM, Johnny Westerlund wrote:
> Hi all
>
> I'm planning on implementing an IPA server at a site where there is
> already a working Active Directory domain.
> I would still like the machines from AD and IPA to live in the same DNS
> domain.
>
> Example.
> AD Domainname = foo.bar
> AD KE
On Wed, 2013-05-08 at 16:41 +, Johnny Westerlund wrote:
> Hi all
>
> I'm planning on implementing an IPA server at a site where there is
> already a working Active Directory domain.
> I would still like the machines from AD and IPA to live in the same DNS
> domain.
>
>
> Example.
> AD Domainname =
I was guessing as much,
It's just that all the existing servers are already in an existing domain.
And changing hostnames / FQDNs for all those hosts would hurt.
The DNS "discover" process of the REALM is that based on the fqdn of the
principal or is it based on the kerberos realm name?
examp
On 05/08/2013 03:21 PM, Johnny Westerlund wrote:
> I was guessing as much,
> It's just that all the existing servers are already in an existing domain.
> And changing hostnames / FQDNs for all those hosts would hurt.
>
>
> The DNS "discover" process of the REALM is that based on the fqdn of the
So how would one handle "out of domain principals"?
Example:
You have an internal domain: internal.ipa
and an external domain: company.com
You have a host that is external, so its hostname is host.company.com
You want to kerberize the webserver that runs on that host and access it by
its "real"
The client picks the realm based on the domain name of the host.
You can control the behavior on the client via krb5.conf, but the
assumption is you have 1 realm per domain or host.
From man krb5.conf
"
DOMAIN_REALM SECTION
The [domain_realm] section provides a translation from a hostname