On Fri, Jul 21, 2017 at 03:43:58PM -0400, Jason Beck via FreeIPA-users wrote: > I have been trying to reliably get an AD trust setup for a few weeks and no > matter what I try, when I goto add AD users to an external group in > FreeIPA, I get: > > "trusted domain object not found" > > Googling around tends to always yield the same suggestions: > > 1) Check time sync > 2) Check DNS > 3) Check firewall > > I have done all of this ad nauseam in several different environments with > several different versions of FreeIPA and Windows servers. I have gotten a > setup to work maybe 2% of the time out of hundreds of attempts. > > I am currently using FreeIPA 4.5.2 on Fedora 25 (out of the COPR repo). I > am trying to establish trust with a mixed Windows 2012 & 2008 forest. I > have tried both one and two way trusts. Everything seems to work fine up > until I try to add AD users to FreeIPA. > > I have verified all of the requisite DNS records exist and return the > proper information on both sides, there are no firewalls between any of the > hosts, and the AD servers and FreeIPA servers are synchronized by the same > NTP servers. > > What could I possibly be missing?
Can you resolve the object you're trying to add with sssd? e.g. id email@example.com _______________________________________________ FreeIPA-users mailing list -- firstname.lastname@example.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org