Actually one of his questions doesn't make sense, because last I checked, normal domain users do not have permissions to create a forest trust.
I believe the default is a one-way trust, so maybe his concerns about the bi-directional trust is really a non-issue.
If he refuses to type in the admin password in a linux console session (extreme paranoia?), then perhaps you could give him a link to the tutorial on using a pre-shared key and have him setup the AD side and give you the key.  You don't have to be a Windows expert to do this, just ask your domain admin to do the steps for you.  Also, you will need to setup a separate DNS zone and some forwarding rules.  Otherwise you are going to have problems.

-Mike
 

-----Original Message-----
From: "Ben .T.George"
Sent: May 23, 2016 10:07 AM
To: Michael ORourke
Cc: freeipa-users
Subject: Re: [Freeipa-users] What id my AD domain user password not available

HI

He is local only but he is asking so many questions.

first of all he is refusing to give domain admin users password .

questions he is asking is:

Is this trust relationship is two directional? If, yes why IPA require two directional trust?
can we build this trust one directional?
can we achieve this with normal domain user?

and hs is opposing to enter password in command line and i was going though the rust using a pre-shared key and its too hard for me to understand as i have no windows experience

regards,
Ben

On Mon, May 23, 2016 at 4:22 PM, Michael ORourke <mrorou...@earthlink.net> wrote:
A couple of ways to go about this.  If he is local to you, you could explain that you need to establish a trust with his domain and you need his assistance for a few minutes while you type the command to join, then have him type in the password.  You need to assure that the DNS forward/stub zones are setup and working too.  If he is remote, you could use some screen share software and share out your desktop and walk him through the part where he has to type the admin password.  There is also a way to create a trust using a pre-shared key.  That may be more acceptable to him. 

-Mike

-----Original Message-----
From: "Ben .T.George"
Sent: May 23, 2016 8:42 AM
To: freeipa-users
Subject: [Freeipa-users] What id my AD domain user password not available

Hi LIst,

my Windows domain Admin is not giving domain admin user password.

in this case how can i proceed ipa trust-add

regards,
Ben

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to