[Freeipa-devel] [freeipa PR#40] do not use trusted forest name to construct domain admin principal (comment)
mbasti-rh commented on a pull request """ Fixed upstream master: https://fedorahosted.org/freeipa/changeset/f32e0e4e522e09390f4295dd79f52d7a48877d3a """ See the full comment at https://github.com/freeipa/freeipa/pull/40#issuecomment-243758104 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#40] do not use trusted forest name to construct domain admin principal (comment)
abbra commented on a pull request """ Apologies. This is indeed a minor issue which is correctly fixed, so ACK for this one. Note, though, this will not help with the actual query because regardless of what credentials were used, AD DC of a child domain behaves wrongly in Windows Server 2012R2 by not following MS-NRPC 3.5.4.7.5. """ See the full comment at https://github.com/freeipa/freeipa/pull/40#issuecomment-243756126 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#40] do not use trusted forest name to construct domain admin principal (comment)
abbra commented on a pull request """ NACK. This is wrong. In the case of external trust to a child domain we cannot run netr_DsRGetForestTrustInformation() against the child domain, regardless what credentials we have. Instead, we should run this request against the forest root domain using the credentials specified by the user. """ See the full comment at https://github.com/freeipa/freeipa/pull/40#issuecomment-243752391 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
