On Thu, 11 Sep 2014, Traiano Welcome wrote:
This one is not usable. You need to enable debugging on the server side.
See http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup#
Debugging_trust
in the part where it talks about /usr/share/ipa/smb.conf.empty.



I've attached the debug logs, I'd be thankful if you could find anything
in them!
Can you please keep debugging and re-establish the trust using AD
credentials?

I can see that AD DC does believe yet the trust is working:
Ticket in credentials cache for @LINUX will expire in 86400 secs
GSS client Update(krb5)(1) Update failed: Unspecified GSS failure.
Minor code may provide more information: KDC policy rejects request

"KDC policy rejects request" means AD-side of the trust is not set and
verified.

By running 'ipa trust-add ... --admin ..' you'll force AD DC to reset trust
and verify it.


--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to