On Tue, 14 Jun 2016, Ben .T.George wrote:
Sorry, it was an issue with DNS (SRV records were missing) and it's been fixed
now. I have created a one-way forest trust.
While issuing trust from IPA server, I have used shared key and the process
It will always be successful because IPA server talks to itself.
But after validating the trust from AD side, it's asking for some username
and password. I have given the below password combinations:
IPA "admin" user and password
IPA admin user and IPA directory password
AD "Administrator" and password.
but still it's not accepting that. So which username and password it is
This is if I create one way trust. If I create two way trust, this password
is not asking. And my AD admin will only allow one way trust.
There is a bug right now where shared secret one-way trust is broken
with the symptoms your setup is showing.
You have four options:
- one-way trust established using credentials of AD administrator who
is member of Enterprise Admins or Domain admins group from the forest
root domain. This option works just fine.
- one-way trust established using shared secret. This doesn't currently
- two-way trust established using credentials of AD administrator who
is member of Enterprise Admins or Domain admins group from the forest
root domain. This option works just fine.
- two-way trust established using shared secret. This option works just
I'm currently looking into bug #1345975.
/ Alexander Bokovoy