All,  I am testing an IDM/IPA setup for out RHEL environment.

My current setup.


sjlab.local - domain one
mylab.local - domain two

sjlab and mylab are two separate AD Domain's  sjlab is the primary domain
IDM will be integrated with.  sjlab has a one way (outgoing) Forest type
transitive trust with mylab.

idm.sjlab.local - IDM domain

I have the trust between IDM and sjlab working.

when I perform an ipa trust-show on sjlab.local I see that it is connected
with a trust direction of Two-way trust and type of Active Directory

I can authenticate with users from sjlab.local to a server on the idm
domain.  That all appears to be working ok.

What I cannot do however is authenticate with users from the mylab.local

When I perform an ipa trust-fetch-domains for sjlab.local it states that no
new domains can be found.

I know the documentation refers to this trust as a transitive trust within
the forest.  I have a forest level trust between sjlab and mylab,  however
I realize they are not in the same forest.  Does that mean that this type
of setup will not work, or is there something I am missing?

Thank you

Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to