So, as others have mentioned, Windows obviously isn't my area of focus here either. However, we have this working with 2003 R2, but I do notice odd behaviour with "id" returning odd results sometimes depending on what system I am logged in from, or initial logins failing the first time and working the second time. Would this be a result of 2003 trust vs 2008 trust?

Aly

On Wed, Jun 19, 2013 at 8:59 AM, Alexander Bokovoy <[email protected]> wrote:

> On Wed, 19 Jun 2013, Brian Lee wrote:
>
>> Has anyone successfully set up trusts between 2003 R2 and FreeIPA? I
>> noticed the documentation mentions 2008 R2 as a prerequisite.
>> Unfortunately our organization has not completed the migration to
>> 2008 R2 yet. I know, we're a little behind the curve on that, but
>> fortunately Windows servers aren't my responsibility ;-)
>>
>> If the Kerberos realms are separate between Active Directory and FreeIPA,
>> why does the domain controller need to be Windows 2008 R2 for an external
>> trust? From what I understand, there is no difference in an external trust
>> in Windows NT4, Active Directory 2003, 2008 R2 or Windows 2012.
>>
> Please note that the actual requirement is to have functional level 2008 or
> above, for cross-forest trusts.
>
> In our limited testing using functional level 2003 things did not work
> as expected. We didn't look deeper because functional level 2003 also lacks
> AES encryption and making it work with weaker encryption for TGT was to
> force downgrading encryption on IPA side, aside from unclear issues with
> RPC calls.
>
> --
> / Alexander Bokovoy
>
> _______________________________________________
> Freeipa-users mailing list
> [email protected]
> https://www.redhat.com/mailman/listinfo/freeipa-users
