At my company, we are trying to setup a pilot with FreeIPA and we having some 
issues.  We would like to leverage our corporate AD infrastructure which mainly 
lives in "", and is a member of "" forest.  Note the 
different DNS naming between the root domain and the tree.  Our FreeIPA domain 
is and is joined to  If we create users in, we can use those account on servers joined to, 
but user accounts under will not work.  Could this be a transitive 
trust issue?  Is there something unique we need to setup on the linux servers 
under (sssd.conf or krb5.conf) to allow authentication from  (forest root domain)  (main domain tree, users and groups accounts which need access to  (freeIPA domain, joined to forest


Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to