| Summary: | [RFE] External Trust with Active Directory domain | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Martin Kosek <mkosek> |
| Component: | ipa | Assignee: | IPA Maintainers <ipa-maint> |
| Status: | CLOSED ERRATA | QA Contact: | Kaleem <ksiddiqu> |
| Severity: | unspecified | Docs Contact: | Marc Muehlfeld <mmuehlfe> |
| Priority: | unspecified | | |
| Version: | 7.3 | CC: | abokovoy, ipa-maint, kludhwan, mbasti, pvoborni, rcritten, saime, sbose, sumenon |
| Target Milestone: | rc | Keywords: | FutureFeature |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | ipa-4.4.0-0.el7.1.alpha1 | Doc Type: | Enhancement |
| Story Points: | --- | | |
| Clone Of: | | | |
| : | 1351237 | Environment: | |
| Last Closed: | 2016-11-04 05:51:34 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Bug Depends On: | | | |
| Bug Blocks: | 1351237 | | |

Doc Text:

IdM now supports establishing an external trust to an AD domain

Red Hat Enterprise Linux Identity Management (IdM) now supports establishing an external trust to an Active Directory (AD) domain in a forest. An external trust is non-transitive and can be established to any domain in an AD forest. This makes it possible to limit a trusted relationship to a specific domain rather than trusting the whole AD forest.

Description
Martin Kosek
2016-03-04 13:33:59 UTC
Upstream design page: http://www.freeipa.org/page/V4/External_trust_to_AD

Upstream ticket: https://fedorahosted.org/freeipa/ticket/5743

Upstream ticket: https://fedorahosted.org/freeipa/ticket/5904

Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/5b0dbe7e5996ef95301c5fdd530f2e2a18757f04
https://fedorahosted.org/freeipa/changeset/d6266476fa1425dfd62cf6138b9ca7ab7b270c23

This feature should be listed in the RHEL 7.3 release notes. Petr, can you please provide some general information for the release notes? E.g.
- What is the new feature?
- How it helps the user?
- Anything else to mention in the release notes for this feature?

Added a note.

Able to add external trust using the below rpms.

    sssd-1.14.0-18.el7.x86_64
    ipa-server-trust-ad-4.4.0-7.el7.x86_64
    ipa-server-4.4.0-7.el7.x86_64

Tested using the below environment.

    pne.qe      forest root domain
    chd.pne.qe  child domain
    test.qa     tree root domain

    [root@ipaserver sssd]# ipa trust-add --external=true --two-way=true
    Realm name: pne.qe
    Active Directory domain administrator: Administrator
    Active Directory domain administrator's password:
    -----------------------------------------------
    Added Active Directory trust for realm "pne.qe"
    -----------------------------------------------
      Realm name: pne.qe
      Domain NetBIOS name: PNE
      Domain Security Identifier: S-1-5-21-3912719521-1967590360-1136226524
      Trust direction: Two-way trust
      Trust type: Non-transitive external trust to a domain in another Active Directory forest
      Trust status: Established and verified

    [root@ipaserver sssd]# ipa trust-add --external=true
    Realm name: pne.qe
    Active Directory domain administrator: Administrator
    Active Directory domain administrator's password:
    -----------------------------------------------
    Added Active Directory trust for realm "pne.qe"
    -----------------------------------------------
      Realm name: pne.qe
      Domain NetBIOS name: PNE
      Domain Security Identifier: S-1-5-21-3912719521-1967590360-1136226524
      Trust direction: Trusting forest
      Trust type: Non-transitive external trust to a domain in another Active Directory forest
      Trust status: Established and verified

    [root@ipaserver sssd]# ipa trust-add --external=true
    Realm name: chd.pne.qe
    Active Directory domain administrator: administrator
    Active Directory domain administrator's password:
    ---------------------------------------------------
    Added Active Directory trust for realm "chd.pne.qe"
    ---------------------------------------------------
      Realm name: chd.pne.qe
      Domain NetBIOS name: CHD
      Domain Security Identifier: S-1-5-21-725505228-2944741108-2454985349
      Trust direction: Trusting forest
      Trust type: Non-transitive external trust to a domain in another Active Directory forest
      Trust status: Established and verified

    [root@ipaserver sssd]# ipa trust-add --external=true
    Realm name: test.qa
    Active Directory domain administrator: administrator
    Active Directory domain administrator's password:
    ------------------------------------------------
    Added Active Directory trust for realm "test.qa"
    ------------------------------------------------
      Realm name: test.qa
      Domain NetBIOS name: TEST
      Domain Security Identifier: S-1-5-21-4204873575-1158510886-1449965812
      Trust direction: Trusting forest
      Trust type: Non-transitive external trust to a domain in another Active Directory forest
      Trust status: Established and verified

Note: bz1365546 handles the issue "External trust with root domain is transitive"

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2404.html
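
A check an administrator could run over output like the verification transcript above, to confirm that every trust meant to be limited to one domain reports the non-transitive external type. This is an added example, not part of the bug report or of the IPA code base; the function names, the realm `forest.example` and the forest-trust type string in the sample input are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): classify trusts by their "Trust type".
EXTERNAL_TYPE='Non-transitive external trust to a domain in another Active Directory forest'

# Reads `ipa trust-add` / `ipa trust-show` style text on stdin and prints one
# tab-separated line per trust: realm, direction, external|NOT-EXTERNAL.
classify_trusts() {
    awk -v want="$EXTERNAL_TYPE" '
        function emit() {
            if (realm != "" && ttype != "")
                printf "%s\t%s\t%s\n", realm, dir, (ttype == want ? "external" : "NOT-EXTERNAL")
            realm = ""; dir = "unknown"; ttype = ""
        }
        BEGIN { dir = "unknown" }
        # Strip indentation and trailing whitespace, then take the text after "label:".
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, ""); v = $0; sub(/^[^:]*:[ \t]*/, "", v) }
        # trust-add echoes the "Realm name:" prompt before the result block, so a
        # record is complete (and emitted) only once its "Trust type:" was seen.
        /^Realm name:/      { if (ttype != "") emit(); realm = v }
        /^Trust direction:/ { dir = v }
        /^Trust type:/      { ttype = v }
        END { emit() }
    '
}

# Succeeds only if every trust on stdin is a non-transitive external trust.
all_external() {
    classify_trusts | awk -F'\t' '$3 != "external" { bad = 1 } END { exit bad + 0 }'
}

# Constructed sample: the first record follows the transcript above, the second
# (forest.example, with an assumed forest-trust type string) is made up.
sample_output() {
    cat <<'EOF'
Realm name: pne.qe
Active Directory domain administrator: Administrator
-----------------------------------------------
Added Active Directory trust for realm "pne.qe"
-----------------------------------------------
  Realm name: pne.qe
  Domain NetBIOS name: PNE
  Trust direction: Two-way trust
  Trust type: Non-transitive external trust to a domain in another Active Directory forest
  Trust status: Established and verified

  Realm name: forest.example
  Trust direction: Trusting forest
  Trust type: Active Directory domain
EOF
}

sample_output | classify_trusts
```

On a live server the same functions can be fed from `ipa trust-show <realm>`; `all_external` returns non-zero as soon as one listed trust is not of the external type, which makes it usable as a monitoring check.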