When establishing trust to AD, there are multiple possible ways to fail, especially if a shared secret is used to set up a trust to AD.
Implement a pre-check procedure that could take the name of a trusted domain, the method to establish trust, and optional arguments, and perform various checks to identify potential problems.
- when shared secret is used, make sure AD side has proper trust half created: forest trust or external trust, not realm trust
- make sure DNS domains available in the AD forest do not overlap with IPA realm domains
- make sure DNS used by AD side can resolve IPA masters via SRV records
Metadata Update from @abbra:
- Issue assigned to abbra
- Issue set to the milestone: FreeIPA 4.5 backlog
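The DNS overlap check from the list in the ticket, sketched as an added example (not FreeIPA code and not part of the ticket). The function names and sample domains are constructed, and the meaning of "overlap" is an assumption: an identical name is reported as a conflict, and a parent/child relation is reported separately as nested for the operator to review.

```python
# Added example: hypothetical helper names, constructed sample data.

def normalize(name):
    """Lower-case, drop the trailing root dot, split into DNS labels."""
    name = name.strip().rstrip(".").lower()
    if not name:
        raise ValueError("empty DNS name")
    return tuple(name.split("."))


def relation(a, b):
    """Compare two DNS names label by label.

    Returns 'equal', 'a-under-b', 'b-under-a' or None. Whole labels are
    compared, so 'notlegacy.test' is not treated as being under 'legacy.test'
    the way a plain string suffix match would treat it.
    """
    la, lb = normalize(a), normalize(b)
    if la == lb:
        return "equal"
    if len(la) > len(lb) and la[-len(lb):] == lb:
        return "a-under-b"
    if len(lb) > len(la) and lb[-len(la):] == la:
        return "b-under-a"
    return None


def find_overlaps(ad_forest_domains, ipa_realm_domains):
    """Return (severity, ad_domain, ipa_domain) tuples for every overlap."""
    findings = []
    for ad in ad_forest_domains:
        for ipa in ipa_realm_domains:
            rel = relation(ad, ipa)
            if rel == "equal":
                findings.append(("conflict", ad, ipa))
            elif rel is not None:
                # Assumption: nested namespaces are flagged, not rejected.
                findings.append(("nested", ad, ipa))
    return findings


# Constructed sample input (reserved .test names, not real domains).
SAMPLE_AD_FOREST_DOMAINS = ["ad.example.test", "Corp.Example.Test.", "legacy.test"]
SAMPLE_IPA_REALM_DOMAINS = ["ipa.example.test", "corp.example.test",
                            "sub.legacy.test", "notlegacy.test"]

if __name__ == "__main__":
    for finding in find_overlaps(SAMPLE_AD_FOREST_DOMAINS, SAMPLE_IPA_REALM_DOMAINS):
        print(finding)
```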