We currently have a single AD (2016) domain, company.co.uk. The DNS zone file is managed
by Active Directory, so all machines (Windows and Linux) are listed in the zone file.
Windows users authenticate against AD and Linux users authenticate against a separate NIS
server. We are considering replacing NIS with a FreeIPA server.
The most important consideration is to maintain the *ix users' GUID and UID data that is
currently stored on the NIS server. If this data could be stored in AD, then we probably
would not be considering FreeIPA. A typical *ix user workflow is for the user to ssh
from their local machine to one of 20 development servers. The user GUID and UID must be
the same regardless of which machine they access. We don’t currently have any
username/password synchronisation between AD and NIS so this is not a requirement. It’s
clear that to enable a trust between FreeIPA and AD, we would need to create a separate IPA
domain.
I assume all 20 development servers would need to be added to the IPA domain?
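A practical check for the requirement described in the post (the same UID and GID for a user on every development server) is to collect the account table from each host and diff the numeric IDs per user, both before the NIS-to-FreeIPA migration and after each server is enrolled. The script below is an added example, not part of the original post and not FreeIPA's own tooling; it assumes you have already gathered one `host:user:uid:gid` line per account per host (for example from `getent passwd` on each server) and uses a small constructed sample in which one host has drifted.

```shell
#!/bin/sh
# Added example (not from the original post): report accounts whose UID or
# GID differs between hosts. Input format is host:user:uid:gid, one per line,
# which is what you would build from `getent passwd` output on each server.

# Constructed sample: dev01/dev02 agree with each other, but on dev03 the
# account "bob" has a different UID (a classic NIS/local-account drift).
SAMPLE_IDMAP='dev01:alice:1001:1001
dev02:alice:1001:1001
dev03:alice:1001:1001
dev01:bob:1002:1002
dev02:bob:1002:1002
dev03:bob:2002:1002'

# check_id_consistency: reads host:user:uid:gid lines on stdin and prints one
# MISMATCH line per user whose uid:gid pair is not identical on every host.
# Exits 1 if any mismatch was found, 0 otherwise.
check_id_consistency() {
    awk -F: '
    {
        user = $2
        ids  = $3 ":" $4
        if (!(user in seen)) {
            seen[user]  = ids      # first uid:gid observed for this user
            first[user] = $1       # host it was observed on
        } else if (seen[user] != ids) {
            bad[user] = bad[user] sprintf(" %s=%s", $1, ids)
        }
    }
    END {
        rc = 0
        for (u in bad) {
            printf "MISMATCH %s: %s=%s%s\n", u, first[u], seen[u], bad[u]
            rc = 1
        }
        exit rc
    }'
}

# count_mismatches: number of users with inconsistent IDs in the given data.
count_mismatches() {
    printf '%s\n' "$1" | check_id_consistency | wc -l | tr -d ' '
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_IDMAP" | check_id_consistency || echo "ID drift detected"
```

Run against the sample this prints `MISMATCH bob: dev01=1002:1002 dev03=2002:1002`; an empty report means every host agrees, which is the state you want to confirm once all servers resolve users through the central directory rather than local or NIS maps.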