AD implicitly assumes that the DNS domain name and the realm of a trusted domain are the same. IPA can be configured so that the domain name and the realm are different. Since neither of them can be changed after the installation, there should be a warning during the installation that trusts to AD are not possible if both names do not match (different cases are allowed, of course).
Would they be possible if I install another IPA replica in the domain that matches IPA realm? Would that be a workaround?
Closing as dup of #3923.
Dmitri, I posted exactly the same question there, let's continue the discussion there.
I created the two tickets intentionally because two different tools (ipa-server-install and ipa trust-add) should be modified in different ways (print a warning and stop processing).
Re-opening based on Sumit's comment.
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1009044 (Red Hat Enterprise Linux 7)
master: bae291d
ipa-3-3: 7e453d4
Metadata Update from @sbose:
- Issue assigned to tbabej
- Issue set to the milestone: FreeIPA 3.3.x - 2013/09 (bug fixing)