Re: [Freeipa-devel] [PATCH] 0170 AD Trust: improve trust validation

2014-11-25 Thread Tomas Babej
On 11/24/2014 02:23 PM, Alexander Bokovoy wrote: Hi, Trust validation requires the AD DC to contact the IPA server to verify that the trust account actually works. It can fail due to a DNS or firewall issue, or, if the AD DC was able to resolve IPA master(s) via SRV records, it still may contact a replica that

[Freeipa-devel] [PATCH] 0170 AD Trust: improve trust validation

2014-11-24 Thread Alexander Bokovoy
Hi, Trust validation requires the AD DC to contact the IPA server to verify that the trust account actually works. It can fail due to a DNS or firewall issue, or, if the AD DC was able to resolve IPA master(s) via SRV records, it still may contact a replica that has no trust data replicated yet. In case AD DC