Suppose we would "bite the bullet" and *move* IPA to another domain. This
would be a subdomain (IPA.MYCOMP.EDU). I have to install 2 new IPA servers.
No problems there. However, I have to migrate the data. That is a real
problem, I think. For HBAC rules, SUDO rules, etc we can do this manually.
How
On Sun, 2013-09-22 at 18:09 +0200, Fred van Zwieten wrote:
> Well, as explained in this thread, the problem here is that we have an
> IPA domain named "MYCOMP.EDU" _and_ an AD domain named "MYCOMP.EDU" as
> well. Both have there own DNS servers. It's beyond the scope of this
> mail to explain why w
On Sun, 22 Sep 2013, Fred van Zwieten wrote:
Well, as explained in this thread, the problem here is that we have an IPA
domain named "MYCOMP.EDU" _and_ an AD domain named "MYCOMP.EDU" as well.
Both have there own DNS servers. It's beyond the scope of this mail to
explain why we have named them ex
Well, as explained in this thread, the problem here is that we have an IPA
domain named "MYCOMP.EDU" _and_ an AD domain named "MYCOMP.EDU" as well.
Both have there own DNS servers. It's beyond the scope of this mail to
explain why we have named them exactly the same, and we do wish we didn't,
but t
On Sat, 21 Sep 2013, Fred van Zwieten wrote:
Hold on. This has, in principle, nothing to do with FreeIPA. I have a SAMBA
server that I make a NT-4 style PDC en build a trust with an AD domain. The
only thing is that the SAMBA service runs on a server that is an
IPA-client. In this setup the syste
Hold on. This has, in principle, nothing to do with FreeIPA. I have a SAMBA
server that I make a NT-4 style PDC en build a trust with an AD domain. The
only thing is that the SAMBA service runs on a server that is an
IPA-client. In this setup the system is member of IPA and the SAMBA service
runnin
On Sat, 21 Sep 2013, Fred van Zwieten wrote:
OK,
I know this is an old thread, but I just got a new idea.
What if I create a NT4 style domain on our SAMBA servers, So I have a Samba
NT4 style PDC. Then I create a NT4 style trust with the AD domain. This
way, I don't use kerberos nor DNS SRV rec
OK,
I know this is an old thread, but I just got a new idea.
What if I create a NT4 style domain on our SAMBA servers, So I have a Samba
NT4 style PDC. Then I create a NT4 style trust with the AD domain. This
way, I don't use kerberos nor DNS SRV records, both of which are needed if
I would go th
On Wed, 03 Jul 2013, Fred van Zwieten wrote:
1. Do you have the same realms for both IPA and AD?
Yes.
2. Do you have exactly same DNS domains for both IPA and AD?
Also yes. Because of this we must, for now, maintain 2 seperate DNS
implementations: one for AD and one for IPA, because otherwise th
1. Do you have the same realms for both IPA and AD?
Yes.
2. Do you have exactly same DNS domains for both IPA and AD?
Also yes. Because of this we must, for now, maintain 2 seperate DNS
implementations: one for AD and one for IPA, because otherwise the service
records would name-clash.
If I get c
On Wed, 03 Jul 2013, Fred van Zwieten wrote:
Hi there,
We have an IPA domain and an AD domain with the exact same domain name.
This was set up like this because we had the idea at the time that we
wanted to migrate all AD to IPA. This is still the long term goal, but we
need to postpone that.
A
11 matches
Mail list logo
