
Fwd: Recommendations for Mixing Windows and non-Windows Domains?



I hope the duplication does not offend anyone.  I just posted the  
following on the kerberos@mit.edu list, but I suspect that many of  
you may not actively follow that list.

I would appreciate any data or recommendations you can provide, but  
please either respond on that list or directly to me.

Begin forwarded message:
> From: "Henry B. Hotz" <hotz@jpl.nasa.gov>
> Date: November 29, 2007 5:07:06 PM PST
> To: kerberos <kerberos@mit.edu>
> Subject: Recommendations for Mixing Windows and non-Windows Domains?
>
> If you run a Windows Domain and you also use BIND and MIT (or  
> Heimdal) for DNS/Kerberos then you must have a strategy for  
> preventing them from stepping on each other.  Can I ask people for  
> thumbnails of how you-all do that?  What raw services are handled  
> by which servers?  Are there "magic" settings on the clients that  
> make it work?
>
> Significant services (which may need duplication or conflict  
> resolution between Unix and AD):
>
> Forward DNS -- I suspect you serve separate DNS domains from BIND  
> vice AD servers
> Reverse DNS -- Which platform gets which IP numbers, i.e. do you  
> mix or segregate them?
> DHCP -- 1 or 2 DHCP services, provided by which?  Does DHCP care  
> about platform?
> DynDNS -- How is this integrated with DHCP (plus the above question).
> Kerberos -- krb5.conf or DNS SRV?
> Cross-realm -- Set up?  Server-side referrals implemented (outside  
> the DC that is)?
>
> Client configuration questions:
>
> advertised DNS servers -- BIND, DC, mix, pre-configured or DHCP  
> supplied?
> cross-realm -- [domain_realm] section or DNS records maintained?
>
> I'm just listing the things that I can think of.  Please tell me  
> what I haven't thought of!
>
> If you want to reply privately, I will try to summarize to the list.

------------------------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu
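The "krb5.conf or DNS SRV?" and "[domain_realm] section or DNS records maintained?" questions above come down to the order in which a client decides which realm a given host belongs to, and where the two mechanisms can disagree once an AD domain and a BIND/MIT domain share a namespace. The following is an added example, not code from the original message or from MIT or Microsoft: it models the MIT client lookup order (the [domain_realm] search from hst_realm.c, then _kerberos TXT records if dns_lookup_realm is on, then the uppercased parent domain) and audits a list of hosts for cases where a client that only trusts DNS would land in a different realm than one carrying the krb5.conf stanza. The realm names, domains, krb5.conf contents and TXT records are all constructed for the illustration; KDC referrals, which newer clients try before any of this, are left out of the model.

```python
"""Model of how an MIT-style Kerberos client maps a hostname to a realm.

Added example; not code from the original post. Realm and domain names are
constructed. Lookup order mirrors MIT krb5's [domain_realm] search: exact host,
then each parent domain with and without a leading dot; failing that,
_kerberos.<name> DNS TXT records; failing that, the uppercased parent domain.
KDC referrals are deliberately not modelled.
"""
import re

# Constructed krb5.conf fragment for a split AD / MIT setup.
KRB5_CONF = """
[libdefaults]
    default_realm = EXAMPLE.COM
    dns_lookup_realm = true

[domain_realm]
    .ad.example.com = AD.EXAMPLE.COM
    ad.example.com = AD.EXAMPLE.COM
    .example.com = EXAMPLE.COM
    example.com = EXAMPLE.COM
"""

# Constructed stand-in for DNS: _kerberos TXT records as a BIND admin might publish them.
DNS_TXT = {
    "_kerberos.example.com": "EXAMPLE.COM",
    "_kerberos.ad.example.com": "AD.EXAMPLE.COM",
    # A lab subdomain later folded into EXAMPLE.COM whose TXT record was never removed.
    "_kerberos.lab.example.com": "LAB.EXAMPLE.COM",
}


def parse_krb5_conf(text):
    """Parse flat 'key = value' relations of a krb5.conf into {section: {key: value}}."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:
            current = sections.setdefault(m.group(1), {})
            continue
        if current is not None and "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            current[key.lower()] = value
    return sections


def candidate_keys(host):
    """MIT search order for host a.b.c.d: a.b.c.d, .b.c.d, b.c.d, .c.d, c.d, .d, d."""
    host = host.lower().rstrip(".")
    keys = [host]
    labels = host.split(".")
    for i in range(1, len(labels)):
        suffix = ".".join(labels[i:])
        keys.append("." + suffix)
        keys.append(suffix)
    return keys


def realm_from_config(host, conf):
    """First [domain_realm] relation that matches, or None."""
    mapping = conf.get("domain_realm", {})
    for key in candidate_keys(host):
        if key in mapping:
            return mapping[key]
    return None


def realm_from_dns(host, txt_records):
    """_kerberos.<host>, then _kerberos.<each parent domain>, or None."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        name = "_kerberos." + ".".join(labels[i:])
        if name in txt_records:
            return txt_records[name]
    return None


def fallback_realm(host):
    """Uppercased parent domain: what MIT uses when nothing else matches."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[1:]).upper() if len(labels) > 1 else None


def resolve_realm(host, conf, txt_records):
    """Effective realm for a client with this krb5.conf: config -> DNS -> fallback."""
    realm = realm_from_config(host, conf)
    dns_on = conf.get("libdefaults", {}).get("dns_lookup_realm", "false").lower() == "true"
    if realm is None and dns_on:
        realm = realm_from_dns(host, txt_records)
    return realm if realm is not None else fallback_realm(host)


def audit_hosts(hosts, conf, txt_records):
    """Per host: what config says, what DNS says, and whether a DNS-only client would differ."""
    report = {}
    for host in hosts:
        effective = resolve_realm(host, conf, txt_records)
        from_dns = realm_from_dns(host, txt_records)
        dns_only = from_dns if from_dns is not None else fallback_realm(host)
        report[host] = {
            "config": realm_from_config(host, conf),
            "dns": from_dns,
            "effective": effective,
            "conflict": dns_only != effective,
        }
    return report


if __name__ == "__main__":
    conf = parse_krb5_conf(KRB5_CONF)
    hosts = ["dc1.ad.example.com", "fs.unix.example.com",
             "www.lab.example.com", "host.other.org"]
    for host, row in audit_hosts(hosts, conf, DNS_TXT).items():
        flag = "CONFLICT" if row["conflict"] else "ok"
        print(f"{host:24} config={row['config']} dns={row['dns']} -> {row['effective']} [{flag}]")
```

Running it flags www.lab.example.com: krb5.conf maps it to EXAMPLE.COM, but a client relying on DNS alone would follow the stale _kerberos.lab.example.com TXT record to LAB.EXAMPLE.COM. That is the kind of divergence worth checking whenever the BIND zone and the krb5.conf shipped to Unix clients are maintained by different teams, and it is why a site that answers "DNS records maintained" needs the same review of those records that it would give the [domain_realm] section.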