Hello all,

We are playing with trust-setups in our lab-environment. I was hoping to create a setup with a "single computer active directory domain" acting as a domain controller and file-server (SMB and NFS), with a one-way trust relationship to our main ipa-realm. That is, this (mini) AD-Realm trusts IPA and not the other way around.

I am not sure it will work though; so far Windows will not resolve my IPA users, even though the trust-setup seems to validate (but neither are ipa, so there is something wrong with the current config). If we define a two-way trust relationship we are not able to do this: https://www.server-world.info/en/note?os=AlmaLinux_9&p=freeipa&f=8

I know that full Windows-logon won't work. But I had hopes that the file services in question would. If manual user-mapping (via ksetup or something similar, that can make Windows-logon with Kerberos credentials work) is possible, that would suffice as well.

And how about Samba, does anyone know if such a setup would work there? That is: a Samba AD populated with the real users and groups, and a Microsoft Server running its own AD trusting the Samba realm, but not the other way around? (Yes, I know that the server could join the Samba domain instead, but this is not the point in this lab exercise.)

Is there any information about the work on IPA-to-IPA trust? I read with great enjoyment last year's progress report on this: https://vda.li/posts/2024/05/31/ipa-ipa-trust-progress/

Best Regards,
Jostein
