On Tue, 13 Oct 2015, Michael Barkdoll wrote:
> Hello, I've successfully set up a two-way trust between FreeIPA and AD. My
> understanding is that FreeIPA is currently or planning to support Global
> Cataloging. I'm looking to implement a one-way trust between AD and
> FreeIPA to remove security concerns with my AD administrators in my

You didn't specify what FreeIPA version you are talking about. One-way
trust is implemented in FreeIPA 4.2 (4.2.2 right now, RHEL 7.2 beta has
it under 'ipa-server-4.2.0-*' package).

> My questions are as follows:
> 1) Is there a guide/post that I can follow for setting up a one-way trust
> between FreeIPA and AD?

In FreeIPA 4.2+ one-way trust is the default. So if you want to
establish trust and don't specify the --bi-directional flag, you are
establishing one-way trust.
For an earlier-established trust relationship, you need to re-run 'ipa
trust-add' again to convert to one-way.

> 2) What type of trust is being created on the AD side, is it a cross-forest
> outgoing trust to the FreeIPA server from the AD server?

Yes. Instead of creating both legs of the trust, only one of them is
/ Alexander Bokovoy