[Freeipa-users] SSH login using putty from Windows to SSSD client in IPA AD trust

Alexander Bokovoy abokovoy at redhat.com
Wed Sep 7 08:59:44 UTC 2016


On Wed, 07 Sep 2016, Troels Hansen wrote:
>----- On Sep 7, 2016, at 10:36 AM, Alexander Bokovoy abokovoy at redhat.com wrote:
>
>> How exactly did you establish the trust? I see you have one-way trust
>> but did you establish it with AD admin credentials or using a shared
>> secret? If the latter, it is a known issue that AD does not activate the
>> trust for shared secret one-way case and aforementioned bug prevents us
>> from validating the trust afterwards.
>
>
>Not quite sure actually.
>I can remember we tried using shared secret but not sure if we got it
>to work or if we fell back to user and password (bash history on IPA
>server expired).
There are two solutions here: use admin credentials to establish one-way
trust or use two-way trust (whether with shared secret or admin
credentials).

You can re-establish trust. It will drop the trusted domain objects on
both sides and re-create them, but the rest will be kept intact on IPA
side, so it could be used to repair such cases.
-- 
/ Alexander Bokovoy



