[Freeipa-users] Free IPA to Microsoft AD 2008R2 trust question

Alexander Bokovoy abokovoy at redhat.com
Mon Oct 12 20:20:27 UTC 2015


On Mon, 12 Oct 2015, Andy Thompson wrote:
>
>
>> -----Original Message-----
>> From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-
>> bounces at redhat.com] On Behalf Of Hoffmaster, John
>> Sent: Monday, October 12, 2015 3:46 PM
>> To: freeipa-users at redhat.com
>> Subject: [Freeipa-users] Free IPA to Microsoft AD 2008R2 trust question
>>
>> Hi,
>>
>> The company I work for uses AD 2008R2 DC to resolve requests for
>> Unix/Linux servers in various environments, under one domain
>> example.com, with the Realm EXAMPLE.COM ?
>>
>> Is it possible to use Freeipa 4.1.0, with an AD-Trust with only itself as a
>> name server and forwarding all DNS requests to the windows DC's and still
>> keep everything in the example.com domain without creating a child domain
>> like ipa.example.com ?
>>
>> http://www.freeipa.org/page/Active_Directory_trust_setup
>>
>> Add for RedHat 7, use hostnamectl set-hostname ipa.example.com
>>
>> and
>> change the install IPA server command to
>>
>> ipa-server-install -a mypassword1 -p mypassword2 --domain=example.com \
>>     --realm=example.com --setup-dns --forwarder=AD_ipaddress
>>
>> Thanks,
>>
>
>No.  The IPA domain has to be different than the AD domain.
This is true for any two separate Active Directory forests, and as IPA
represents itself as a separate AD forest for the trust relationship, it
is forced to follow Active Directory requirements.

-- 
/ Alexander Bokovoy



