Good evening,

I am looking through the IPA documentation and it looks like I will
need a password that doesn't expire on the Active Directory side.

These are the two documented ways.

ipa trust-add --type=ad --admin Administrator --password
ipa trust-add --type=ad --trust-secret

I had initially used the first method, but we recently started
rotating the admin password.  I suspect this has broken the trust and
am looking for a more durable solution.

On closely reading through the trust secret section of the
documentation, it looks like it also involves using a password. I
thought I had read somewhere that trust can be done without a
permanent password, but this doesn't seem to be the case now.

Is there a way of creating a trust without putting a non-expiry
exception on the Active Directory trust account?

