On 3.3.2016 13:26, Martin Basti wrote:
> Hello,
>
> comments inline
>
> On 03.03.2016 13:11, Geselle Stijn wrote:
>>
>> Hello,
>>
>> We have a large Windows environment and around 50 RHEL servers (which will
>> grow to a few hundred in the future). Our goal is to be able to log in with
>> our AD credentials and have sudo centrally managed. To be able to manage
>> users and their access/permissions we are looking into IdM combined with a
>> unidirectional non-transitive AD-trust so our existing AD users can
>> authenticate on the RHEL servers.
>>
>> I have a few (high level) questions regarding the setup of IdM:
>>
>> 1) There is an integrated DNS component (BIND). Is this component required?
>> Because we would like to keep DNS managed by Windows (A and CNAME records).
>> I have seen that there’s a forward only policy, but what’s the point of
>> that? Can’t we just directly use the Windows DNS then instead of forwarding,
>> i.e. point the client’s nameservers to the Windows nameservers? I’m
>> obviously missing something crucial, sorry :)
>>
> DNS subsystem is optional, you can use Windows DNS for IPA (manual
> configuration needed for each replica)

Today we released a new version of the docs; please see
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/ipa-linux-services.html#dns
for further details regarding DNS.

-- 
Petr^2 Spacek