Recommendations for Mixing Windows and non-Windows Domains?
Henry B. Hotz
hotz at jpl.nasa.gov
Thu Nov 29 20:07:06 EST 2007
If you run a Windows Domain and you also use BIND and MIT (or
Heimdal) for DNS/Kerberos then you must have a strategy for
preventing them from stepping on each other. Can I ask people for
thumbnails of how you-all do that? What raw services are handled by
which servers? Are there "magic" settings on the clients that make
it work?
Significant services (which may need duplication or conflict
resolution between Unix and AD):
  Forward DNS -- I suspect you serve separate DNS domains from BIND
    vice AD servers
  Reverse DNS -- Which platform gets which IP numbers, i.e. do you mix
    or segregate them?
  DHCP -- 1 or 2 DHCP services, provided by which? Does DHCP care
    about platform?
  DynDNS -- How is this integrated with DHCP (plus the above question).
  Kerberos -- krb5.conf or DNS SRV?
  Cross-realm -- Set up? Server-side referrals implemented (outside
    the DC that is)?
Client configuration questions:
  advertised DNS servers -- BIND, DC, mix, pre-configured or DHCP
    supplied?
  cross-realm -- [domain_realm] section or DNS records maintained?
I'm just listing the things that I can think of. Please tell me what
I haven't thought of!
If you want to reply privately, I will try to summarize to the list.
------------------------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu