Oh, right - I had forgotten about that. It still throws the same error. I even tried turning the firewalls completely off in case I accidentally missed something.
--- Justin Smith IT Analyst MIM Software, Inc. [ https://www.mimsoftware.com/ | https://www.mimsoftware.com ] ----- Original Message ----- From: "Alexander Bokovoy" <[email protected]> To: "freeipa-users" <[email protected]> Cc: "Justin Smith" <[email protected]> Sent: Thursday, November 9, 2017 1:54:16 PM Subject: Re: [Freeipa-users] Trouble with AD Trust On to, 09 marras 2017, Justin Smith via FreeIPA-users wrote: >I have FreeIPA and Active Directory on our network and am attempting to >follow the [ https://www.freeipa.org/page/Active_Directory_trust_setup >| official instructions ] for getting a trust set up. > >I'm down to the section where I run ipa trust-add to set up the trust. >I've set up and verified DNS forwarding on both ends. > >Here is the output I'm stuck on: > >[root@ipa2 conf.d]# ipa -v trust-add --type ad ad.mimsoftware.com --admin >Administrator --password >ipa: INFO: trying https://ipa2.mimsoftware.com/ipa/json >ipa: INFO: [try 1]: Forwarding 'schema' to json server >'https://ipa2.mimsoftware.com/ipa/json' >ipa: INFO: trying https://ipa2.mimsoftware.com/ipa/session/json >Active Directory domain administrator's password: >ipa: INFO: [try 1]: Forwarding 'trust_add/1' to json server >'https://ipa2.mimsoftware.com/ipa/session/json' >ipa: ERROR: an internal error has occurred > >Any ideas where to begin troubleshooting? If I try this same process in >the browser interface, it throws an error: > >"AD DC was unable to reach any IPA domain controller. Most likely it is >a DNS or firewall issue" > >However, I've verified that it can't be DNS. What about firewall >configuration on the Windows end? The official instructions just say >"to be added." ? See man page for ipa-adtrust-install, it has all firewall requirements listed. More to that, when you run ipa-adtrust-intall, it actually prints you a list of ports that need to be open on both sides. -- / Alexander Bokovoy _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
