On Mon, 07 Aug 2017, Sameer Gurung via FreeIPA-users wrote:
> Hi All,
> I have a network consisting of both windows and linux clients running
> windows server 2008 (active directory) and centos 7 (freeipa). Obviously,
> the windows clients authenticate against the *AD DC* *(domain windows.foo)* and
> the linux clients against *FreeIPA (Domain linux.bar)*. This setup is
> working fine. However I now want to set up cross domain trust between the
> two domains and had a few doubts which I wanted to clear before I proceed.
> I have gone through the steps of setting up this trust but I am not clear
> about the following questions:
> 1. Am I right in thinking that I will have to add forwarders to the two
> domains in the respective dns servers?

Standard DNS resolution rules apply here.

> 2. Which DNS do I set in my linux clients? Do they still resolve against
> the free IPA dns or the AD Dns?

Again, standard DNS resolution rules apply here. You need to make sure
clients are capable of resolving all the host names properly. How you'd
achieve that is part of normal DNS deployment practice, nothing
extraordinary here.

> 3. Also what usernames will people use to login to the linux machines?
> Do they need to specify only the username or the full
> *username@windows.foo*?

The latter is a default. With sssd in RHEL 7.4 one can do some sort of
unqualified name mapping, provided that names are unique.

> 4. What about the existing freeipa users? And what if there are the same
> usernames in freeipa and AD DC?

If names clash, then you should use either fully qualified names or
define explicit ordering (with newer SSSD in RHEL 7.4) of the domains.

--
/ Alexander Bokovoy
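
The name-clash case from the last answer above, as an added example that is not part of the original thread and is not SSSD or FreeIPA code: a simplified model of ordered short-name lookup, in which the first domain in the order that has the name wins. The account lists are constructed, and the case-insensitive comparison and the function names are assumptions.

```python
"""Audit short-name clashes between two trusted domains (constructed data)."""

# Constructed sample account lists; in practice export them from each directory.
IPA_USERS = {"admin", "sgurung", "build", "alice"}
AD_USERS = {"Administrator", "SGurung", "alice", "bob"}
DOMAINS = {"linux.bar": IPA_USERS, "windows.foo": AD_USERS}


def normalize(name):
    # Assumption: names are compared case-insensitively.
    return name.strip().lower()


def find_clashes(domains):
    """Return {short_name: [domains defining it]} for names in 2+ domains."""
    seen = {}
    for domain, users in domains.items():
        for user in users:
            seen.setdefault(normalize(user), []).append(domain)
    return {n: sorted(d) for n, d in seen.items() if len(d) > 1}


def resolve(name, domains, order):
    """Resolve a login name to user@domain, or None if nothing matches.

    Fully qualified names go straight to their own domain. Unqualified
    names are tried against each domain in `order`; the first match wins.
    """
    if "@" in name:
        user, domain = name.rsplit("@", 1)
        domain = domain.lower()
        known = {normalize(u) for u in domains.get(domain, ())}
        return f"{normalize(user)}@{domain}" if normalize(user) in known else None
    for domain in order:
        if normalize(name) in {normalize(u) for u in domains[domain]}:
            return f"{normalize(name)}@{domain}"
    return None


if __name__ == "__main__":
    # Show how each clashing short name resolves under both possible orders.
    orders = (["linux.bar", "windows.foo"], ["windows.foo", "linux.bar"])
    for short, where in sorted(find_clashes(DOMAINS).items()):
        for order in orders:
            print(f"{short} {where}: {order} -> {resolve(short, DOMAINS, order)}")
```

Every name this reports maps to a different account depending on the domain order, so those are the users who need fully qualified logins or a deliberate ordering decision.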