On to, 14 kesä 2018, Merritt, Todd R - (tmerritt) via FreeIPA-users wrote:
Thanks Alexander, The DNS entries were actually correct, I had a
missing _ in my test query but thank you for pointing me in the
right direction. The underlying issues ended up being a mix of
firewall permits on the windows side and a number of missing port
bindings to my docker container where ipa was running for 135/tcp
and 1024-1300/tcp. After correcting those issues I was able to
establish the trust.
Well, I _thought_ I had the trust established. I tried to run kvno -S
cifs adserver.example.com per
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/windows_integration_guide/trust-during#trust-configure-verify-kerberos,
but I get an error that the server is not found in the Kerberos
database. I tried to subsequently run "ipa trust-fetch-domains
AD_DOMAIN" and got an error that the time may not be in sync between
the ipa and ad dc but I verified that the is synced between them. I
have a copy of the error log from the IPA server from trying to run
trust-fetch-domains if that's helpful.
Yes, please provide any logs you could. ;)
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/LSZWWBKB54DKQQN6HMRLTFR6ZF25KBFV/
