On 02/19/2016 06:33 AM, Chris Addie wrote: > I have two separate networks each with their own FreeIPA server(s) and I > would like for users from network A to be able to be able to access services > in network B, but not the other way around. The documentation for ipa > trust-add seems to imply this is not possibly however as “Only trusts to > Active Directory domains are supported right now.” It seems really odd that > FreeIPA supports trusting a Windows AD domain but not another FreeIPA > domain. Is this really the case?
Yes. > If so are IPA -> IPA trusts a feature that > is planned for the future? Yes :-) > Is there some other way I could achieve this? You can do hacks to achieve authentication part, but you would still miss authorization or other parts. Please see details to my brief answer in our FAQ section: http://www.freeipa.org/page/Frequently_Asked_Questions#When_will_we_implement_FreeIPA_to_FreeIPA_trusts.3F HTH, Martin -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project