Recommendations for Mixing Windows and non-Windows Domains?
C.J. Adams-Collier
cjcollier at gmail.com
Thu Nov 29 23:05:01 EST 2007
I for one wouldn't mind the heimdal-discuss list being CC'd on responses. I
may end up using Windows one of these days, and if nothing else, I can use
the information to play nice with the corporate network infrastructure
during the day job.
On Nov 29, 2007 5:21 PM, Henry B. Hotz <hotz at jpl.nasa.gov> wrote:
> I hope the duplication does not offend anyone. I just posted the
> following on the kerberos at mit.edu list, but I suspect that many of
> you may not actively follow that list.
>
> I would appreciate any data or recommendations you can provide, but
> please either respond on that list or directly to me.
>
> Begin forwarded message:
> > From: "Henry B. Hotz" <hotz at jpl.nasa.gov>
> > Date: November 29, 2007 5:07:06 PM PST
> > To: kerberos <kerberos at mit.edu>
> > Subject: Recommendations for Mixing Windows and non-Windows Domains?
> >
> > If you run a Windows Domain and you also use BIND and MIT (or
> > Heimdal) for DNS/Kerberos then you must have a strategy for
> > preventing them from stepping on each other. Can I ask people for
> > thumbnails of how you-all do that? What raw services are handled
> > by which servers? Are there "magic" settings on the clients that
> > make it work?
> >
> > Significant services (which may need duplication or conflict
> > resolution between Unix and AD):
> >
> > Forward DNS -- I suspect you serve separate DNS domains from BIND
> > vice AD servers
> > Reverse DNS -- Which platform gets which IP numbers, i.e. do you
> > mix or segregate them?
> > DHCP -- 1 or 2 DHCP services, provided by which? Does DHCP care
> > about platform?
> > DynDNS -- How is this integrated with DHCP (plus the above question).
> > Kerberos -- krb5.conf or DNS SRV?
> > Cross-realm -- Set up? Server-side referrals implemented (outside
> > the DC that is)?
> >
> > Client configuration questions:
> >
> > advertised DNS servers -- BIND, DC, mix, pre-configured or DHCP
> > supplied?
> > cross-realm -- [domain_realm] section or DNS records maintained?
> >
> > I'm just listing the things that I can think of. Please tell me
> > what I haven't thought of!
> >
> > If you want to reply privately, I will try to summarize to the list.
>
> ------------------------------------------------------------------------
> The opinions expressed in this message are mine,
> not those of Caltech, JPL, NASA, or the US Government.
> Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu
>
>
--
moo.