<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=iso-8859-1"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-AU link="#0563C1" vlink="#954F72"><div class=WordSection1><p class=MsoNormal>I have two separate networks each with their own FreeIPA server(s) and I would like for users from network A to be able to be able to access services in network B, but not the other way around. The documentation for ipa trust-add seems to imply this is not possibly however as “Only trusts to Active Directory domains are supported right now.” It seems really odd that FreeIPA supports trusting a Windows AD domain but not another FreeIPA domain. Is this really the case? If so are IPA -> IPA trusts a feature that is planned for the future? Is there some other way I could achieve this?<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Thanks,<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span style='color:#548DD4;mso-fareast-language:EN-AU'>Chris Addie</span><span style='font-size:10.0pt;font-family:"Tahoma",sans-serif;color:black;mso-fareast-language:EN-AU'><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;color:black;mso-fareast-language:EN-AU'>Seņor</span><span style='font-size:10.0pt;color:#262626;mso-fareast-language:EN-AU'> Security Engineer</span><span style='font-size:10.0pt;font-family:"Tahoma",sans-serif;color:black;mso-fareast-language:EN-AU'><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;color:#262626;mso-fareast-language:EN-AU'>Datacom Technical Security Services Pty Ltd</span><span style='font-size:10.0pt;color:#7F7F7F;mso-fareast-language:EN-AU'> | A.B.N. 84 151 241 253</span><span style='font-size:10.0pt;font-family:"Tahoma",sans-serif;color:black;mso-fareast-language:EN-AU'><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;color:#262626;mso-fareast-language:EN-AU'>Mb:</span><span style='font-size:10.0pt;color:#7F7F7F;mso-fareast-language:EN-AU'> +61 421 138 786 | </span><span style='font-size:10.0pt;color:#262626;mso-fareast-language:EN-AU'>eM: </span><span style='color:black;mso-fareast-language:EN-AU'><a href="mailto:chris.addie@datacom.com.au"><span style='font-size:10.0pt;color:#0563C1'>chris.addie@datacom.com.au</span></a></span><span style='font-size:10.0pt;font-family:"Tahoma",sans-serif;color:black;mso-fareast-language:EN-AU'><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;color:#7F7F7F;mso-fareast-language:EN-AU'> </span><span style='font-size:10.0pt;font-family:"Tahoma",sans-serif;color:black;mso-fareast-language:EN-AU'><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;color:#E36C0A;mso-fareast-language:EN-AU'>Discreet</span><span style='font-size:10.0pt;color:#7F7F7F;mso-fareast-language:EN-AU'> </span><span style='font-size:10.0pt;color:#002060;mso-fareast-language:EN-AU'>|</span><span style='font-size:10.0pt;color:#7F7F7F;mso-fareast-language:EN-AU'> </span><span style='font-size:10.0pt;color:#E36C0A;mso-fareast-language:EN-AU'>Niche</span><span style='font-size:10.0pt;color:#7F7F7F;mso-fareast-language:EN-AU'> </span><span style='font-size:10.0pt;color:#002060;mso-fareast-language:EN-AU'>|</span><span style='font-size:10.0pt;color:#7F7F7F;mso-fareast-language:EN-AU'> </span><span style='font-size:10.0pt;color:#E36C0A;mso-fareast-language:EN-AU'>Tailored<o:p></o:p></span></p><p class=MsoNormal style='background:white'><span style='color:#222222;mso-fareast-language:EN-AU'> <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:9.5pt;font-family:"Arial",sans-serif;color:#222222;background:white;mso-fareast-language:EN-AU'>##################################################################################### Confidentiality and Privilege Notice This document is intended solely for the named addressee. The information contained in the pages is confidential and contains legally privileged information. If you are not the addressee indicated in this message or responsible for delivery of the message to such person, you may not copy or deliver this message to anyone, and you should destroy this message and kindly notify the sender by reply email. Confidentiality and legal privilege are not waived or lost by reason of mistaken delivery to you. #####################################################################################</span><span style='font-size:10.0pt;font-family:"Tahoma",sans-serif;color:black;mso-fareast-language:EN-AU'><o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p></div></body></html>