Oh, right - I had forgotten about that.

It still throws the same error. I even tried turning the firewalls completely 
off in case I accidentally missed something.

Justin Smith 
IT Analyst 
MIM Software, Inc. 
[ https://www.mimsoftware.com/ | https://www.mimsoftware.com ]

----- Original Message -----
From: "Alexander Bokovoy" <aboko...@redhat.com>
To: "freeipa-users" <freeipa-users@lists.fedorahosted.org>
Cc: "Justin Smith" <jsm...@mimsoftware.com>
Sent: Thursday, November 9, 2017 1:54:16 PM
Subject: Re: [Freeipa-users] Trouble with AD Trust

On to, 09 marras 2017, Justin Smith via FreeIPA-users wrote:
>I have FreeIPA and Active Directory on our network and am attempting to
>follow the [ https://www.freeipa.org/page/Active_Directory_trust_setup
>| official instructions ] for getting a trust set up.
>I'm down to the section where I run ipa trust-add to set up the trust.
>I've set up and verified DNS forwarding on both ends.
>Here is the output I'm stuck on:
>[root@ipa2 conf.d]# ipa -v trust-add --type ad ad.mimsoftware.com --admin 
>Administrator --password
>ipa: INFO: trying https://ipa2.mimsoftware.com/ipa/json
>ipa: INFO: [try 1]: Forwarding 'schema' to json server 
>ipa: INFO: trying https://ipa2.mimsoftware.com/ipa/session/json
>Active Directory domain administrator's password:
>ipa: INFO: [try 1]: Forwarding 'trust_add/1' to json server 
>ipa: ERROR: an internal error has occurred
>Any ideas where to begin troubleshooting? If I try this same process in
>the browser interface, it throws an error:
>"AD DC was unable to reach any IPA domain controller. Most likely it is
>a DNS or firewall issue"
>However, I've verified that it can't be DNS. What about firewall
>configuration on the Windows end? The official instructions just say
>"to be added."

See man page for ipa-adtrust-install, it has all firewall requirements
listed. More to that, when you run ipa-adtrust-intall, it actually
prints you a list of ports that need to be open on both sides.

/ Alexander Bokovoy
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to