[Freeipa-users] multimaster ad one way trust setup
Alexander Bokovoy
abokovoy at redhat.com
Mon Jan 25 11:41:52 UTC 2016
On Mon, 25 Jan 2016, Rob Verduijn wrote:
>Hi all,
>
>When you have an ipa 4.2 server with an one way trust to the ad.
>What steps are needed to install a second ipa master that also has a
>one way trust to the ad ?
Depends on what you want to achieve.
If you want second IPA master to be able to resolve AD users, just
install the master and run 'ipa-adtrust-install --add-agents' on the
*first* master. This will prompt you to be asked on adding the second
master to the list of hosts allowed to use cross-forest trust
credentials.
If you want to use the second IPA master to *manage* trust, you'd need
to run 'ipa-adtrust-install' on the it. No need to specify
'--add-agents' because the master where 'ipa-adtrust-install' is being
run will be automatically added to the list.
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list