I would not expect that there would be any problem with AD and IPA coexisting when the realm names are different, but I have heard reports that there are problems, especially when Linux clients are configured to use AD for DNS. Trying to figure out what the problem is. I understand your delegated dns setup. What if the customer must use AD for all DNS?
-Brian

On Feb 23, 2012, at 3:28 PM, Steven Jones <steven.jo...@vuw.ac.nz> wrote:

> Hi,
>
> Subnet? IP addressing will not matter, it's DNS as the main issue, for me
> anyway. I can't see IP / subnets matter?
>
> So, yes if you have AD as the same realm as IPA then only one will work well
> from what I can read, IPA has to have its neat auto-discovery/balancing
> features turned off, or at least hobbled.
>
> So, as an example I have vuw.ac.nz as the AD DNS domain/ kerberos realm and
> then unix.vuw.ac.nz as the sub-domain/sub kerberos realm, with AD delegating
> DNS to the IPA servers. This way the unix domain is "independent but
> referenced...
>
> eg I find the auto-discovery is working fine...
>
> So windows clients talk to AD directly, linux clients talk to IPA directly,
> if the linux clients need to DNS the IPA servers get that for them from
> AD.....
>
> I have some visio diagrams of how I have done it if you want them....it may
> not be the best way? but with so little architecture info available it's all I
> have.
>
> regards
>
> Steven Jones
> Technical Specialist - Linux RHCE
> Victoria University, Wellington, NZ
> 0064 4 463 6272
>
> ________________________________
> From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on
> behalf of Brian Cook [bc...@redhat.com]
> Sent: Friday, 24 February 2012 9:59 a.m.
> To: freeipa-users@redhat.com
> Subject: [Freeipa-users] need info on AD / IPA coexistence
>
> I have heard that we currently have problems with IPA and AD existing on the
> same subnet, possibly only when using AD as DNS servers, possibly even when
> the realm names are different. I have not been able to find good concrete
> information or BZ's regarding this. I am looking for clarification as to
> what problems exist, why, is it a bug or just a fact, is it our bug or is it
> a MS-AD issue, etc. I need to understand what is going on as I have
> customers who are looking to deploy mixed IPA / AD environments. Any help or
> information would be appreciated.
>
> Thanks,
> Brian
>
> ---
> Brian Cook
> Solutions Architect, West Region
> Red Hat, Inc.
> 407-212-7079
> bc...@redhat.com

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users