On Fri, Jul 21, 2017 at 03:43:58PM -0400, Jason Beck via FreeIPA-users wrote:
> I have been trying to reliably get an AD trust setup for a few weeks and no
> matter what I try, when I goto add AD users to an external group in
> FreeIPA, I get:
> "trusted domain object not found"
> Googling around tends to always yield the same suggestions:
> 1) Check time sync
> 2) Check DNS
> 3) Check firewall
> I have done all of this ad nauseam in several different environments with
> several different versions of FreeIPA and Windows servers. I have gotten a
> setup to work maybe 2% of the time out of hundreds of attempts.
> I am currently using FreeIPA 4.5.2 on Fedora 25 (out of the COPR repo). I
> am trying to establish trust with a mixed Windows 2012 & 2008 forest. I
> have tried both one and two way trusts. Everything seems to work fine up
> until I try to add AD users to FreeIPA.
> I have verified all of the requisite DNS records exist and return the
> proper information on both sides, there are no firewalls between any of the
> hosts, and the AD servers and FreeIPA servers are synchronized by the same
> NTP servers.
> What could I possibly be missing?
Can you resolve the object you're trying to add with sssd?
e.g. id firstname.lastname@example.org
FreeIPA-users mailing list -- email@example.com
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org