Fwd: Recommendations for Mixing Windows and non-Windows Domains?

Henry B. Hotz hotz at jpl.nasa.gov
Thu Nov 29 20:21:07 EST 2007


I hope the duplication does not offend anyone.  I just posted the  
following on the kerberos at mit.edu list, but I suspect that many of  
you may not actively follow that list.

I would appreciate any data or recommendations you can provide, but  
please either respond on that list or directly to me.

Begin forwarded message:
> From: "Henry B. Hotz" <hotz at jpl.nasa.gov>
> Date: November 29, 2007 5:07:06 PM PST
> To: kerberos <kerberos at mit.edu>
> Subject: Recommendations for Mixing Windows and non-Windows Domains?
>
> If you run a Windows Domain and you also use BIND and MIT (or  
> Heimdal) for DNS/Kerberos then you must have a strategy for  
> preventing them from stepping on each other.  Can I ask people for  
> thumbnails of how you-all do that?  What raw services are handled  
> by which servers?  Are there "magic" settings on the clients that  
> make it work?
>
> Significant services (which may need duplication or conflict  
> resolution between Unix and AD):
>
> Forward DNS -- I suspect you serve separate DNS domains from BIND  
> vice AD servers
> Reverse DNS -- Which platform gets which IP numbers, i.e. do you  
> mix or segregate them?
> DHCP -- 1 or 2 DHCP services, provided by which?  Does DHCP care  
> about platform?
> DynDNS -- How is this integrated with DHCP (plus the above question).
> Kerberos -- krb5.conf or DNS SRV?
> Cross-realm -- Set up?  Server-side referrals implemented (outside  
> the DC that is)?
>
> Client configuration questions:
>
> advertised DNS servers -- BIND, DC, mix, pre-configured or DHCP  
> supplied?
> cross-realm -- [domain_realm] section or DNS records maintained?
>
> I'm just listing the things that I can think of.  Please tell me  
> what I haven't thought of!
>
> If you want to reply privately, I will try to summarize to the list.

------------------------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu



