[Freeipa-users] IPA/AD domain trust - unidirectional or bidirectional?

opsource trail opsourcetrail at gmail.com
Wed May 20 09:04:10 UTC 2015


Hello,
we plan to deploy IPA (Red Hat IdM) trust with AD domain but at the moment
we are kind of confused about what type of trust we will need to deal with.
In the Red Hat documentation we find the information that:

"... Trusts, then, are essentially unidirectional. Active Directory users
can access IdM resources and services, but IdM users cannot access Active
Directory resources... "
(https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/active-directory-trust.html)

On the other hand, when I configure the trust I can clearly see that it is
actually bidirectional:
[root@ipaserver ~]# ipa trust-add --type=ad adexample.com --admin Administrator --password
------------------------------------------------------
Added Active Directory trust for realm "adexample.com"
------------------------------------------------------
  Realm name: adexample.com
  Domain NetBIOS name: ADEXAMPLE
  Domain Security Identifier: S-1-5-21-1689615952-3716327440-3249090444
  Trust direction: Two-way trust
  Trust type: Active Directory domain
  Trust status: Established and verified

I'm afraid that our Windows department will complain and consider this a
security issue.

Is there anybody who could help me understand this?

Thanks!

All the best.

Jan