Good evening, I am looking through the IPA documentation and it looks like I will need a password that don't expire on the active directory side.
These are the two documented ways. ipa trust-add --type=ad ad.example.com --admin Administrator –password ipa trust-add --type=ad ad.example.com --trust-secret I had initially used the first method, but we recently started rotating the admin password. I suspect this has broken the trust and looking on a more durable solution. On closely reading through the trust secret section on the documentation, it looks like it also involve using a password. I thought I had read somewhere that trust can be done without a permanent password, but this don't seem like the case now. Is there a way of creating trust, without putting an none expire exception on the active directory trust account? Regards, William -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project