On Wed, 09 Aug 2023, Alan Latteri via FreeIPA-users wrote:
> Thank you for the reply.
>
> What is the proper way to approach setting up a fresh IPA environment,
> trying to follow best practices of having IPA and AD in separate
> subdomains?
>
> I'm a bit confused on how to approach, if I'd like to be able to serve
> apex domain from IPA.
>
> According to best practice documentation, IPA and AD should be in
> separate subdomains.  For instance, ipaserver.ipa.example.com and
> adserver.ad.example.com.  This would instigate the original apex domain
> issue.
>
> Sorry for any level of ignorance here.  Trying my best to plan out a
> future proof deployment.

If you want to add example.com and your IPA server is in
ipa.example.com, then use a 'fake' host name for IPA server in
example.com to specify NS record.

Something like:

ipa-ns.example.com.     300     IN      A       192.168.100.146
ipa.example.com.        86400   IN      NS      ipa-ns.example.com.

The only downside is to make sure ipa-ns.example.com gets updated
manually when IPA server actual address changes.


--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
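
The following is an added example, not part of the original message or of FreeIPA: a small check for the downside mentioned above, where the manually maintained address record for the delegation's name server drifts from the IPA server's real address. The function names and the `actual_ips` input (for instance from an inventory) are assumptions, and the zone data is constructed from the records shown in the message.

```python
# Added example: detect a stale delegation address record (all data constructed).
import ipaddress

# Constructed parent-zone records in the format used in the message above.
PARENT_ZONE = """\
ipa-ns.example.com.     300     IN      A       192.168.100.146
ipa.example.com.        86400   IN      NS      ipa-ns.example.com.
"""

def parse_records(text):
    """Parse 'name ttl class type rdata' lines into tuples; skip blanks and comments."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 5 or fields[2].upper() != "IN":
            raise ValueError(f"unsupported record line: {line!r}")
        name, ttl, _cls, rtype, rdata = fields
        records.append((name.lower(), int(ttl), rtype.upper(), rdata.lower()))
    return records

def check_delegation(zone_text, child_zone, actual_ips):
    """Return a list of problems with the delegation of child_zone.

    actual_ips: addresses the IPA server really has (assumed input, e.g. inventory).
    """
    child = child_zone.lower().rstrip(".") + "."
    actual = {ipaddress.ip_address(ip) for ip in actual_ips}
    records = parse_records(zone_text)
    ns_targets = [r[3] for r in records if r[0] == child and r[2] == "NS"]
    if not ns_targets:
        return [f"no NS record delegating {child}"]
    problems = []
    for target in ns_targets:
        addrs = {ipaddress.ip_address(r[3]) for r in records
                 if r[0] == target and r[2] in ("A", "AAAA")}
        if not addrs:
            problems.append(f"{target} has no address record")
        for addr in sorted(addrs - actual, key=str):
            problems.append(f"{target} -> {addr} is not a current IPA server address")
    return problems

if __name__ == "__main__":
    # 192.168.100.150 is a constructed "new" address to show the stale case.
    print(check_delegation(PARENT_ZONE, "ipa.example.com", ["192.168.100.146"]))
    print(check_delegation(PARENT_ZONE, "ipa.example.com", ["192.168.100.150"]))
```

Run on a schedule against an export of the parent zone, a non-empty result means the name server address for the delegation needs a manual update.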