Fwd: Recommendations for Mixing Windows and non-Windows Domains?
I hope the duplication does not offend anyone. I just posted the
following on the kerberos@mit.edu list, but I suspect that many of
you may not actively follow that list.
I would appreciate any data or recommendations you can provide, but
please either respond on that list or directly to me.
Begin forwarded message:
> From: "Henry B. Hotz" <hotz@jpl.nasa.gov>
> Date: November 29, 2007 5:07:06 PM PST
> To: kerberos <kerberos@mit.edu>
> Subject: Recommendations for Mixing Windows and non-Windows Domains?
>
> If you run a Windows Domain and you also use BIND and MIT (or
> Heimdal) for DNS/Kerberos then you must have a strategy for
> preventing them from stepping on each other. Can I ask people for
> thumbnails of how you-all do that? What raw services are handled
> by which servers? Are there "magic" settings on the clients that
> make it work?
>
> Significant services (which may need duplication or conflict
> resolution between Unix and AD):
>
> Forward DNS -- I suspect you serve separate DNS domains from BIND
> vice AD servers
> Reverse DNS -- Which platform gets which IP numbers, i.e. do you
> mix or segregate them?
> DHCP -- 1 or 2 DHCP services, provided by which? Does DHCP care
> about platform?
> DynDNS -- How is this integrated with DHCP (plus the above question).
> Kerberos -- krb5.conf or DNS SRV?
> Cross-realm -- Set up? Server-side referrals implemented (outside
> the DC that is)?
>
> Client configuration questions:
>
> advertised DNS servers -- BIND, DC, mix, pre-configured or DHCP
> supplied?
> cross-realm -- [domain_realm] section or DNS records maintained?
>
> I'm just listing the things that I can think of. Please tell me
> what I haven't thought of!
>
> If you want to reply privately, I will try to summarize to the list.
------------------------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu