On Wed, 07 Sep 2016, Troels Hansen wrote:
----- On Sep 7, 2016, at 10:36 AM, Alexander Bokovoy aboko...@redhat.com wrote:

How exactly did you establish the trust? I see you have one-way trust
but did you establish it with AD admin credentials or using a shared
secret? If the latter, it is a known issue that AD does not activate the
trust for shared secret one-way case and aforementioned bug prevents us
to validate the rust afterwards.


Not quite sure actually.
I can remember we tried using shared secret but not sure if we got it
to work or if we falled back to user and password (bash history on IPA
server expired).
There are two solutions here: use admin credentials to establish one-way
trust or use two-way trust (whether with shared secret or admin
credentials).

You can re-establish trust. It will drop the trusted domain objects on
both sides and re-create them, but the rest will be kept intact on IPA
side, so it could be used to repair such cases.
--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to