All, I am testing an IDM/IPA setup for out RHEL environment. My current setup.
Windows sjlab.local - domain one mylab.local - domain two sjlab and mylab are two separate AD Domain's sjlab is the primary domain IDM will be integrated with. sjlab has a one way (outgoing) Forest type transitive trust with mylab. Linux idm.sjlab.local - IDM domain I have the trust between IDM and sjlab working. when I perform an ipa trust-show on sjlab.local I see that it is connected with a trust direction of Two-way trust and type of Active Directory domain. I can authenticate with users from sjlab.local to a server on the idm domain. That all appears to be working ok. What I cannot do however is authenticate with users from the mylab.local domain. When I perform an ipa trust-fetch-domains for sjlab.local it states that no new domains can be found. I know the documentation refers to this trust as a transitive trust within the forest. I have a forest level trust between sjlab and mylab, however I realize they are not in the same forest. Does that mean that this type of setup will not work, or is there something I am missing? Thank you Steven
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project