[Freeipa-users] What if my AD domain user password not available

Alexander Bokovoy abokovoy at redhat.com
Tue Jun 14 07:10:25 UTC 2016


On Tue, 14 Jun 2016, Ben .T.George wrote:
>Hi
>
>Sorry, it was an issue with DNS (SRV records were missing) and it's been fixed
>now. I have created a one-way forest trust.
>
>While issuing the trust from the IPA server, I have used a shared key and the process
>was successful.
It will always be successful because IPA server talks to itself.

>But after validating the trust from the AD side, it's asking for some username
>and password. I have given the below password combinations:
>
>IPA "admin" user and password
>IPA admin user and IPA directory password
>AD "Administrator" and password.
>
>But still it's not accepting that. So which username and password is it
>expecting?
>
>This is if I create a one-way trust. If I create a two-way trust, this password
>is not asked for, and my AD admin will only allow a one-way trust.
There is a bug right now where shared secret one-way trust is broken
with the symptoms your setup is showing.

You have four options:
 - one-way trust established using credentials of AD administrator who
   is member of Enterprise Admins or Domain admins group from the forest
   root domain. This option works just fine.

 - one-way trust established using shared secret. This doesn't currently
   work. https://bugzilla.redhat.com/show_bug.cgi?id=1345975

 - two-way trust established using credentials of AD administrator who
   is member of Enterprise Admins or Domain admins group from the forest
   root domain. This option works just fine.

 - two-way trust established using shared secret. This option works just
   fine.

I'm currently looking into bug #1345975.
-- 
/ Alexander Bokovoy



