On ma, 19 elo 2019, Ronald Wimmer wrote:
On 22.07.19 17:29, Alexander Bokovoy wrote:
[...] It might be related to a recent update:
https://support.microsoft.com/en-us/help/4490425/updates-to-tgt-delegation-across-incoming-trusts-in-windows-server
If i try to issue the command
netdom trust second.mydomain.at /domain:linux.mydomain.at
/enabletgtdelegation:Yes /verbose
for a second trusted domain I get an error message saying that user or
password is wrong. According to IPA the trust type is "Non-transitive
external trust to a domain in another Active Directory forest".
Any ideas?
So, IPA is in external trust to AD?
Note that communication to IPA DC using netdom tools most likely will
not work until we get all the fixes I'm working on right now in the
release. *Some* of them are in Fedora 30 updates already and some of
them will be in upcoming RHEL 8 minor releases. But anything before that
will still have not working netdom against IPA DCs.
So I would say this is as it should be.
However, for the purpose of this thread, we should not even try to
contact IPA DCs at all. The change should happen on AD DC side.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
