<html><head><style type="text/css"></style></head><body><div style="font-size: 13px;color: rgb(0, 0, 0);font-family: arial,sans-serif;">Actually one of his questions doesn't make sense, because last I checked, normal domain users do not have permissions to create a forest trust.<br>I believe the default is a one-way trust, so maybe his concerns about the bi-directional trust is really a non-issue.<br>If he refuses to type in the admin password in a linux console session (extreme paranoia?), then perhaps you could give him a link to the tutorial on using a pre-shared key and have him setup the AD side and give you the key. You don't have to be a Windows expert to do this, just ask your domain admin to do the steps for you. Also, you will need to setup a separate DNS zone and some forwarding rules. Otherwise you are going to have problems.<br><br>-Mike<br> <br><br><blockquote style="padding-left: 5px; margin-left: 0px; border-left: #0000ff 2px solid; font-weight: normal; font-style: normal; text-decoration: none; font-size: 10pt; font-family: arial,sans-serif; color: black;">-----Original Message----- <br>From: "Ben .T.George" <bentech4you@gmail.com> <br>Sent: May 23, 2016 10:07 AM <br>To: Michael ORourke <mrorourke@earthlink.net> <br>Cc: freeipa-users <freeipa-users@redhat.com> <br>Subject: Re: [Freeipa-users] What id my AD domain user password not available <br><br><div dir="ltr">HI<div><br></div><div>He is local only but he is asking so many questions.</div><div><br></div><div>first of all he is refusing to give domain admin users password .</div><div><br></div><div>questions he is asking is:</div><div><br></div><div>Is this trust relationship is two directional? If, yes why IPA require two directional trust?</div><div>can we build this trust one directional?</div><div>can we achieve this with normal domain user?</div><div><br></div><div>and hs is opposing to enter password in command line and i was going though the <span style="color:rgb(0,0,0);font-size:13px">rust using a pre-shared key and its too hard for me to understand as i have no windows experience</span></div><div><span style="color:rgb(0,0,0);font-size:13px"><br></span></div><div><span style="color:rgb(0,0,0);font-size:13px">regards,</span></div><div><span style="color:rgb(0,0,0);font-size:13px">Ben</span></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, May 23, 2016 at 4:22 PM, Michael ORourke <span dir="ltr"><<a target="_blank" href="mailto:mrorourke@earthlink.net">mrorourke@earthlink.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div style="font-size:13px;color:rgb(0,0,0);font-family:arial,sans-serif">A couple of ways to go about this. If he is local to you, you could explain that you need to establish a trust with his domain and you need his assistance for a few minutes while you type the command to join, then have him type in the password. You need to assure that the DNS forward/stub zones are setup and working too. If he is remote, you could use some screen share software and share out your desktop and walk him through the part where he has to type the admin password. There is also a way to create a trust using a pre-shared key. That may be more acceptable to him. <br><br>-Mike<span class=""><br><br><blockquote style="padding-left:5px;margin-left:0px;border-left:#0000ff 2px solid;font-weight:normal;font-style:normal;text-decoration:none;font-size:10pt;font-family:arial,sans-serif;color:black">-----Original Message----- <br>From: "Ben .T.George" <u></u> <br>Sent: May 23, 2016 8:42 AM <br>To: freeipa-users <u></u> <br>Subject: [Freeipa-users] What id my AD domain user password not available <br><br><div dir="ltr">Hi LIst,<div><br></div><div>my Windows domain Admin is not giving domain admin user password.</div><div><br></div><div>in this case how can i proceed ipa trust-add</div><div><br></div><div>regards,</div><div>Ben</div></div> <u></u><u></u></blockquote></span></div></div> <br>--<br> Manage your subscription for the Freeipa-users mailing list:<br> <a target="_blank" href="https://www.redhat.com/mailman/listinfo/freeipa-users" rel="noreferrer">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br> Go to <a target="_blank" href="http://freeipa.org" rel="noreferrer">http://freeipa.org</a> for more info on the project<br></blockquote></div><br></div> </freeipa-users@redhat.com></mrorourke@earthlink.net></bentech4you@gmail.com></blockquote></div></body></html>