On Tue, 13 Oct 2015, Michael Barkdoll wrote:
Hello, I've successfully set up a two-way trust between FreeIPA and AD. My understanding is that FreeIPA is currently or planning to support Global Cataloging. I'm looking to implement a one-way trust between AD and FreeIPA to remove security concerns with my AD administrators in my organization.
You didn't specify what FreeIPA version you are talking about. One-way trust is implemented in FreeIPA 4.2 (4.2.2 right now; RHEL 7.2 beta has it under the 'ipa-server-4.2.0-*' package).
My questions are as follows: 1) Is there a guide/post that I can follow for setting up a one-way trust between FreeIPA and AD?
In FreeIPA 4.2+ one-way trust is the default. So if you want to establish trust and don't specify the --bi-directional flag, you are establishing a one-way trust. For an earlier-established trust relationship, you need to re-run 'ipa trust-add' again to convert it to one-way.
2) What type of trust is being created on the AD side? Is it a cross-forest outgoing trust to the FreeIPA server from the AD server?
Yes. Instead of creating both legs of the trust, only one of them is created.
--
/ Alexander Bokovoy