All, I am testing an IDM/IPA setup for out RHEL environment.
My current setup.
sjlab.local - domain one
mylab.local - domain two
sjlab and mylab are two separate AD Domain's sjlab is the primary domain
IDM will be integrated with. sjlab has a one way (outgoing) Forest type
transitive trust with mylab.
idm.sjlab.local - IDM domain
I have the trust between IDM and sjlab working.
when I perform an ipa trust-show on sjlab.local I see that it is connected
with a trust direction of Two-way trust and type of Active Directory
I can authenticate with users from sjlab.local to a server on the idm
domain. That all appears to be working ok.
What I cannot do however is authenticate with users from the mylab.local
When I perform an ipa trust-fetch-domains for sjlab.local it states that no
new domains can be found.
I know the documentation refers to this trust as a transitive trust within
the forest. I have a forest level trust between sjlab and mylab, however
I realize they are not in the same forest. Does that mean that this type
of setup will not work, or is there something I am missing?
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project