[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Fwd: Recommendations for Mixing Windows and non-Windows Domains?

To: Heimdal discuss <heimdal-discuss@sics.se>, krbdev@mit.edu, kerberos-discuss@opensolaris.org
Subject: Fwd: Recommendations for Mixing Windows and non-Windows Domains?
From: "Henry B. Hotz" <hotz@jpl.nasa.gov>
Date: Thu, 29 Nov 2007 17:21:07 -0800
List-Archive: <http://list.sics.se/sympa/arc/heimdal-discuss>
List-Help: <mailto:sympa@sics.se?subject=help>
List-Id: <heimdal-discuss.sics.se>
List-Owner: <mailto:heimdal-discuss-request@sics.se>
List-Post: <mailto:heimdal-discuss@sics.se>
List-Subscribe: <mailto:sympa@sics.se?subject=subscribe%20heimdal-discuss>
List-Unsubscribe: <mailto:sympa@sics.se?subject=unsubscribe%20heimdal-discuss>
Reply-To: heimdal-discuss@sics.se, "Henry B. Hotz" <hotz@jpl.nasa.gov>

I hope the duplication does not offend anyone.  I just posted the  
following on the kerberos@mit.edu list, but I suspect that many of  
you may not actively follow that list.

I would appreciate any data or recommendations you can provide, but  
please either respond on that list or directly to me.

Begin forwarded message:
> From: "Henry B. Hotz" <hotz@jpl.nasa.gov>
> Date: November 29, 2007 5:07:06 PM PST
> To: kerberos <kerberos@mit.edu>
> Subject: Recommendations for Mixing Windows and non-Windows Domains?
>
> If you run a Windows Domain and you also use BIND and MIT (or  
> Heimdal) for DNS/Kerberos then you must have a strategy for  
> preventing them from stepping on each other.  Can I ask people for  
> thumbnail's of how you-all do that?  What raw services are handled  
> by which servers?  Are there "magic" settings on the clients that  
> make it work?
>
> Significant services (which may need duplication or conflict  
> resolution between Unix and AD):
>
> Forward DNS -- I suspect you serve separate DNS domains from BIND  
> vice AD servers
> Reverse DNS -- Which platform gets which IP numbers, i.e. do you  
> mix or segregate them?
> DHCP -- 1 or 2 DHCP services, provided by which?  Does DHCP care  
> about platform?
> DynDNS -- How is this integrated with DHCP (plus the above question).
> Kerberos -- krb5.conf or DNS SRV?
> Cross-realm -- Set up?  Server-side referrals implemented (outside  
> the DC that is)?
>
> Client configuration questions:
>
> advertised DNS servers -- BIND, DC, mix, pre-configured or DHCP  
> supplied?
> cross-realm -- [domain_realm] section or DNS records maintained?
>
> I'm just listing the things that I can think of.  Please tell me  
> what I haven't thought of!
>
> If you want to reply privately, I will try to summarize to the list.

------------------------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu

Follow-Ups:
- Re: Recommendations for Mixing Windows and non-Windows Domains?
  - From: "C.J. Adams-Collier" <cjcollier@gmail.com>

Prev by Date: Re: aes256 keys not supported
Next by Date: Re: Recommendations for Mixing Windows and non-Windows Domains?
Prev by thread: Re: aes256 keys not supported
Next by thread: Re: Recommendations for Mixing Windows and non-Windows Domains?
Index(es):
- Date
- Thread