On ti, 22 elo 2017, bogusmaster--- via FreeIPA-users wrote:
Hi All,

I am setting up a one-way trust from FreeIPA server to AD domain with a
pre-shared key.
This is currently not working due to chicken/egg problem: in order to
turn trust into an active one, you need to validate it. We do not have
code in Samba-IPA integration that makes validation _from_ Windows side
working, thus we can only validate it from Linux side. However, to do
that, we should have *some* administrative account on AD side because
our trusted domain object is not active yet.

There are two ways to get around it today:
- use administrative credentials to establish one-way trust
- establish two-way trust


--
/ Alexander Bokovoy
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to