[Freeipa-users] Do clients have to be in teh same DNS zone / FQDN as the IPA servers / Kerberos Realm?
Rob Crittenden
rcritten at redhat.com
Wed Jun 20 20:31:09 UTC 2012
Steven Jones wrote:
> I assume with no reply, now one knows?
That's not really fair, it hasn't even been 24 hours.
> My IPA servers are say ipa1 and 2.ipa.example.com
>
> I have existing linux servers that I would rather not change the FQDN on, say server1.example.com Do I actually have to make the client server1.ipa.example.com or can I leave it as is at server1.example.com? Would that give any IPA problems? or is it just poor practice?
Yes, you should be able to enroll server1.example.com into the
ipa.example.com realm. You'll need a v2.2+ client for this to work. A
patch was added (contributed by a user, actually) that will add a domain
mapping to krb5.conf so this should work.
rob
More information about the Freeipa-users
mailing list