[Freeipa-users] FreeIPA trusts with 2003 R2

Dmitri Pal dpal at redhat.com
Wed Jun 19 16:35:49 UTC 2013 

On 06/19/2013 09:05 AM, Aly Khimji wrote:
> We have managed to establish a FreeIPA / Windows 2003R2.  
> However domain and forest functional level has to be set to max on
> that platform which i believe is 2003 anyways.  
> I know when I was first attempting the trusts, on a new 2003r2 DC and
> the forest functional level was set to 2000, the trust wouldn't
> establish and with IPA and the process would die.
>
> Everything "seems" to be working so far, so I would also like to know
> as well if 2008 is a requirement 100%?


We have not tested this extensively. As Alexander mentioned there might
be issues. If you manage to set it up - great. If there are some
glitches they might be related to 2003 vs 2008 but we can't say for sure
without more investigation.
If your testing reveals some reproducible issues we definitely want to
know about them. Whether we would be able to fix them is yet another story.

>
> Thanks
>
> Aly
>
>
> On Wed, Jun 19, 2013 at 8:50 AM, Brian Lee <brian_lee1 at jabil.com
> <mailto:brian_lee1 at jabil.com>> wrote:
>
>     Has anyone successfully set up trusts between 2003 R2 and FreeIPA?
>     I noticed the documentation mentions 2008 R2 as a prerequisite.
>     Unfortunately our organization has not completed the migration to
>     2008 R2 yet. I know, we're a little behind the curve on that, but
>     fortunately Windows servers aren't my responsibility ;-)
>
>     If the Kerberos realms are separate between Active Directory and
>     FreeIPA, why does the domain controller need to be Windows 2008 R2
>     for an external trust? From what I understand, there is no
>     difference in an external trust in Windows NT4, Active Directory
>     2003, 2008 R2 or Windows 2012.
>      
>     Thanks in advance for any input or experiences with this
>     configuration!
>
>     _______________________________________________
>     Freeipa-users mailing list
>     Freeipa-users at redhat.com <mailto:Freeipa-users at redhat.com>
>     https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130619/6cd7e2fa/attachment.htm>

More information about the Freeipa-users mailing list