On Wed, 06 Sep 2017, Bart J via FreeIPA-users wrote:
> Thank you. I checked in my test environment and setting trust with administrative credentials works.
> I got mixed results for Windows 2012 and Windows 2008 R2 because I previously had set up trust using administrative credentials for Windows 2012. Later, even though I deleted it on FreeIPA's side, setting up trust with a pre-shared key just worked. The same scenario repeated for Windows 2008 R2.
You did an explicit 'ipa trust-del ...'? That only deletes the records on the IPA side; AD doesn't know about that. Now, if you try to add a trust again with a shared secret, we are not going to create anything on the AD side either (that's the purpose of a shared secret). So AD would think the trust continues to exist, and if you set the same secret there, it would just work.