[Freeipa-users] What id my AD domain user password not available

Mon May 23 14:44:29 UTC 2016

HI

yea that GIf screen i shared with him. but that doesn't show how to take
shared key.

In my case DNS is handled by 3rd party appliances and from their side they
created A record for my IPA server. bth forward and reverse is working

is this forwader is mandatory thing from DNS side?

Regards,
ben

On Mon, May 23, 2016 at 5:31 PM, Michael ORourke <mrorourke at earthlink.net>
wrote:

> Actually one of his questions doesn't make sense, because last I checked,
> normal domain users do not have permissions to create a forest trust.
> I believe the default is a one-way trust, so maybe his concerns about the
> bi-directional trust is really a non-issue.
> If he refuses to type in the admin password in a linux console session
> (extreme paranoia?), then perhaps you could give him a link to the tutorial
> on using a pre-shared key and have him setup the AD side and give you the
> key.  You don't have to be a Windows expert to do this, just ask your
> domain admin to do the steps for you.  Also, you will need to setup a
> separate DNS zone and some forwarding rules.  Otherwise you are going to
> have problems.
>
> -Mike
>
>
> -----Original Message-----
> From: "Ben .T.George"
> Sent: May 23, 2016 10:07 AM
> To: Michael ORourke
> Cc: freeipa-users
> Subject: Re: [Freeipa-users] What id my AD domain user password not
> available
>
> HI
>
> He is local only but he is asking so many questions.
>
> first of all he is refusing to give domain admin users password .
>
> questions he is asking is:
>
> Is this trust relationship is two directional? If, yes why IPA require two
> directional trust?
> can we build this trust one directional?
> can we achieve this with normal domain user?
>
> and hs is opposing to enter password in command line and i was going
> though the rust using a pre-shared key and its too hard for me to
> understand as i have no windows experience
>
> regards,
> Ben
>
> On Mon, May 23, 2016 at 4:22 PM, Michael ORourke <mrorourke at earthlink.net>
> wrote:
>
>> A couple of ways to go about this.  If he is local to you, you could
>> explain that you need to establish a trust with his domain and you need his
>> assistance for a few minutes while you type the command to join, then have
>> him type in the password.  You need to assure that the DNS forward/stub
>> zones are setup and working too.  If he is remote, you could use some
>> screen share software and share out your desktop and walk him through the
>> part where he has to type the admin password.  There is also a way to
>> create a trust using a pre-shared key.  That may be more acceptable to
>> him.
>>
>> -Mike
>>
>> -----Original Message-----
>> From: "Ben .T.George"
>> Sent: May 23, 2016 8:42 AM
>> To: freeipa-users
>> Subject: [Freeipa-users] What id my AD domain user password not available
>>
>> Hi LIst,
>>
>> my Windows domain Admin is not giving domain admin user password.
>>
>> in this case how can i proceed ipa trust-add
>>
>> regards,
>> Ben
>>
>>
>> --
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go to http://freeipa.org for more info on the project
>>
>
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160523/e63b712f/attachment.htm>