HI yea that GIf screen i shared with him. but that doesn't show how to take shared key.
In my case DNS is handled by 3rd party appliances and from their side they created A record for my IPA server. bth forward and reverse is working is this forwader is mandatory thing from DNS side? Regards, ben On Mon, May 23, 2016 at 5:31 PM, Michael ORourke <mrorou...@earthlink.net> wrote: > Actually one of his questions doesn't make sense, because last I checked, > normal domain users do not have permissions to create a forest trust. > I believe the default is a one-way trust, so maybe his concerns about the > bi-directional trust is really a non-issue. > If he refuses to type in the admin password in a linux console session > (extreme paranoia?), then perhaps you could give him a link to the tutorial > on using a pre-shared key and have him setup the AD side and give you the > key. You don't have to be a Windows expert to do this, just ask your > domain admin to do the steps for you. Also, you will need to setup a > separate DNS zone and some forwarding rules. Otherwise you are going to > have problems. > > -Mike > > > -----Original Message----- > From: "Ben .T.George" > Sent: May 23, 2016 10:07 AM > To: Michael ORourke > Cc: freeipa-users > Subject: Re: [Freeipa-users] What id my AD domain user password not > available > > HI > > He is local only but he is asking so many questions. > > first of all he is refusing to give domain admin users password . > > questions he is asking is: > > Is this trust relationship is two directional? If, yes why IPA require two > directional trust? > can we build this trust one directional? > can we achieve this with normal domain user? > > and hs is opposing to enter password in command line and i was going > though the rust using a pre-shared key and its too hard for me to > understand as i have no windows experience > > regards, > Ben > > On Mon, May 23, 2016 at 4:22 PM, Michael ORourke <mrorou...@earthlink.net> > wrote: > >> A couple of ways to go about this. If he is local to you, you could >> explain that you need to establish a trust with his domain and you need his >> assistance for a few minutes while you type the command to join, then have >> him type in the password. You need to assure that the DNS forward/stub >> zones are setup and working too. If he is remote, you could use some >> screen share software and share out your desktop and walk him through the >> part where he has to type the admin password. There is also a way to >> create a trust using a pre-shared key. That may be more acceptable to >> him. >> >> -Mike >> >> -----Original Message----- >> From: "Ben .T.George" >> Sent: May 23, 2016 8:42 AM >> To: freeipa-users >> Subject: [Freeipa-users] What id my AD domain user password not available >> >> Hi LIst, >> >> my Windows domain Admin is not giving domain admin user password. >> >> in this case how can i proceed ipa trust-add >> >> regards, >> Ben >> >> >> -- >> Manage your subscription for the Freeipa-users mailing list: >> https://www.redhat.com/mailman/listinfo/freeipa-users >> Go to http://freeipa.org for more info on the project >> > > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project