Refering to this bit of older post,
What now the difference between a One-way or Two-Way Trust anyway....? The docs are not
too clear abut it:
" Two-way trust enables AD users and groups to access resources in IdM.
However, the two-way trust in IdM does not give the users any additional
rights compared to the one-way trust solution in AD. Both solutions are
considered equally secure because of default cross-forest trust SID
What a use-case for using a Two-Way Trust? (since Windows cannot use IPA as a AD
Van: Alexander Bokovoy via FreeIPA-users <freeipa-users(a)lists.fedorahosted.org>
Antwoord-naar: FreeIPA users list <freeipa-users(a)lists.fedorahosted.org>
Aan: FreeIPA users list <freeipa-users(a)lists.fedorahosted.org>
Cc: Michal Sladek <michal(a)sladkovi.eu>, Alexander Bokovoy
Onderwerp: [Freeipa-users] Re: Is IPA-AD two-way trust really two-way?
Datum: Thu, 23 Aug 2018 12:08:17 +0300
On to, 23 elo 2018, Michal Sladek via FreeIPA-users wrote:
I would like to use IPA server in heterogeneous environment with Linux servers and Windows
workstations.IPA domain would be used as a primary source of users and groups.AD domain
would be used for management of Widows hosts only (group policies etc.).
I have setup a test network with two-trust between AD and IPA domainand realized, that IPA
domain sees AD users but AD domain doesn't seeIPA users. Am I missing something or the
two-way trust is not two-wayin fact?It is two-way in principle. However, FreeIPA does not
implement featuresrequired by AD DC to resolve IPA users on Windows workstations. It is
onour long term roadmap.
-- / Alexander BokovoySr. Principal Software EngineerSecurity / Identity Management
EngineeringRed Hat Limited,
Finland_______________________________________________FreeIPA-users mailing list --
freeipa-users(a)lists.fedorahosted.orgTo unsubscribe send an email to
freeipa-users-leave(a)lists.fedorahosted.orgFedora Code of Conduct: