On ke, 06 syys 2017, Bart J via FreeIPA-users wrote:
Thank you. I checked in my test environment and setting trust with 
administrative credentials works.

I got mixed results for Windows 2012 and Windows 2008 R2 because I
previously had set up trust using administrative credentials for
Windows 2012. Later, even though I deleted it on FreeIPA's side,
setting up trust with a pre-shared key just worked. The same scenario
repeated for Windows 2008 R2.
You did explicit 'ipa trust-del ...'? That only deletes the records on
IPA side, AD doesn't know about that. Now, if you'd try to add a trust
again with a shared secret, we are not going to be creating anything on
AD side either (that's the purpose of a shared secret). So AD would
think trust continues to exist and if you set the same secret there, it
would just work.

/ Alexander Bokovoy
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to