[Freeipa-users] FreeIPA with Active directory Read-only domain controller trust setup

Srdjan Dutina sdutina at gmail.com
Mon Mar 30 15:12:46 UTC 2015


Hi,

I'm testing a FreeIPA (v4.1.3, CentOS 7) - AD (2012 R2) trust on a branch site
where only an AD read-only domain controller (RODC) exists.
I'm aware that for the initial establishment of the trust I need access to a writable
domain controller so IPA can add the trust to AD Domains and Trusts.
But after the initial setup, can the FreeIPA-AD trust continue to function with IPA
having access to the RODC only? Will Kerberos authentication of AD users on IPA domain
hosts work?
In this case, should the FreeIPA server have a DNS forward zone configured with the
RODC as a forwarder to AD?
AD users have cached passwords on the RODC, so authentication is possible in
case of a WAN link failure.

Thanks!