Re: [Freeipa-users] IPA as subdomain, part of AD ?
On 16.5.2016 19:59, Simo Sorce wrote:
> On Mon, 2016-05-16 at 17:00 +0100, lejeczek wrote:
>> hi users/devel
>>
>> I'm trying to grasp the concepts - can IPA be plugged into AD domain,
>> be part of it as a subdomain?
>
> No, the only trust type we handle is a Forest level trust, so FreeIPA
> needs to be its own forest in AD terms.
>
>> I'm guessing it'd be quite common scenario, I see wiki describes
>> opposite arrangement, but how to have IPA as
>> ipa.activedir.local whereas activedir.local is top domain of an
>> enterprise?
>> Would this still be - setting cross-domain trust?
>
> It would still create a trust between 2 different forests, it just so
> happens that one of them will be in a DNS subdomain.
>
> For this to work, no other Windows machine may have used the
> ipa.activedir.local domain before.

Please see
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/trust-requirements.html

--
Petr^2 Spacek

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] IPA as subdomain, part of AD ?
On Mon, 2016-05-16 at 17:00 +0100, lejeczek wrote:
> hi users/devel
>
> I'm trying to grasp the concepts - can IPA be plugged into AD domain,
> be part of it as a subdomain?

No, the only trust type we handle is a Forest level trust, so FreeIPA
needs to be its own forest in AD terms.

> I'm guessing it'd be quite common scenario, I see wiki describes
> opposite arrangement, but how to have IPA as
> ipa.activedir.local whereas activedir.local is top domain of an
> enterprise?
> Would this still be - setting cross-domain trust?

It would still create a trust between 2 different forests, it just so
happens that one of them will be in a DNS subdomain.

For this to work, no other Windows machine may have used the
ipa.activedir.local domain before.

Simo.

--
Simo Sorce * Red Hat, Inc * New York
[Freeipa-users] IPA as subdomain, part of AD ?
hi users/devel

I'm trying to grasp the concepts - can IPA be plugged into AD domain,
be part of it as a subdomain?
I'm guessing it'd be quite common scenario, I see wiki describes
opposite arrangement, but how to have IPA as
ipa.activedir.local whereas activedir.local is top domain of an
enterprise?
Would this still be - setting cross-domain trust?

many thanks
L.