On Thu, 11 Sep 2014, Traiano Welcome wrote:
This one is not usable. You need to enable debugging on the server side.
See http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup#
in the part where it talks about /usr/share/ipa/smb.conf.empty.

I've attached the debug logs, I'd be thankful if you could find anything
in them!
Can you please keep debugging and re-establish the trust using AD

I can see that AD DC does believe yet the trust is working:
Ticket in credentials cache for @LINUX will expire in 86400 secs
GSS client Update(krb5)(1) Update failed: Unspecified GSS failure.
Minor code may provide more information: KDC policy rejects request

"KDC policy rejects request" means AD-side of the trust is not set and

By running 'ipa trust-add ... --admin ..' you'll force AD DC to reset trust
and verify it.

/ Alexander Bokovoy

Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to