On to, 09 marras 2017, Justin Smith via FreeIPA-users wrote:
I have FreeIPA and Active Directory on our network and am attempting to
follow the [ https://www.freeipa.org/page/Active_Directory_trust_setup
| official instructions ] for getting a trust set up.

I'm down to the section where I run ipa trust-add to set up the trust.
I've set up and verified DNS forwarding on both ends.

Here is the output I'm stuck on:

[root@ipa2 conf.d]# ipa -v trust-add --type ad ad.mimsoftware.com --admin 
Administrator --password
ipa: INFO: trying https://ipa2.mimsoftware.com/ipa/json
ipa: INFO: [try 1]: Forwarding 'schema' to json server 
ipa: INFO: trying https://ipa2.mimsoftware.com/ipa/session/json
Active Directory domain administrator's password:
ipa: INFO: [try 1]: Forwarding 'trust_add/1' to json server 
ipa: ERROR: an internal error has occurred

Any ideas where to begin troubleshooting? If I try this same process in
the browser interface, it throws an error:

"AD DC was unable to reach any IPA domain controller. Most likely it is
a DNS or firewall issue"

However, I've verified that it can't be DNS. What about firewall
configuration on the Windows end? The official instructions just say
"to be added."

See man page for ipa-adtrust-install, it has all firewall requirements
listed. More to that, when you run ipa-adtrust-intall, it actually
prints you a list of ports that need to be open on both sides.

/ Alexander Bokovoy
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to