So as others have mentioned windows obviously isn't my area of focus here
either, however we have this working with 2003r2, but I do notice odd
behaviour with "id" returning odd results sometimes depending on what
system I am logged in from or initial logins failing the first time and
working the second time, would this be a result of 2003 trust vs 2008 trust?


On Wed, Jun 19, 2013 at 8:59 AM, Alexander Bokovoy <>wrote:

> On Wed, 19 Jun 2013, Brian Lee wrote:
>> Has anyone successfully set up trusts between 2003 R2 and FreeIPA? I
>> noticed the documentation mentions 2008 R2 as a prerequisite.
>> Unfortunately
>> our organization has not completed the migration to 2008 R2 yet. I know,
>> we're a little behind the curve on that, but fortunately Windows servers
>> aren't my responsibility ;-)
>> If the Kerberos realms are separate between Active Directory and FreeIPA,
>> why does the domain controller need to be Windows 2008 R2 for an external
>> trust? From what I understand, there is no difference in an external trust
>> in Windows NT4, Active Directory 2003, 2008 R2 or Windows 2012.
> Please note that actual requirement is to have functional level 2008 or
> above, for cross-forest trusts.
> In our limited testing using functional level 2003 things did not work
> as expected. We didn't look deeper because functional level 2003 also lacks
> AES encryption and making it working with weaker encryption for TGT was to
> force downgrading encryption on IPA side, aside from unclear issues with
> RPC calls.
> --
> / Alexander Bokovoy
> ______________________________**_________________
> Freeipa-users mailing list
Freeipa-users mailing list

Reply via email to