On 10/08/2014 07:29 AM, Genadi Postrilko wrote:
Both Domain functional level and Forest functional level are Windows
Server 2008 R2.
Does blue.com actually resolves to the AD host?
May be there is some DNS misconfiguration on the Linux system where you
run the command from.
2014-10-08 9:24 GMT+02:00 Sumit Bose <sb...@redhat.com
On Wed, Oct 08, 2014 at 02:42:47AM +0200, Genadi Postrilko wrote:
> I am attempting to create trust between AD and IPA.
> I have deployed AD environment as follows:
> I have created domain RED.COM <http://RED.COM>
> Then i add new domain tree root - BLUE.COM <http://BLUE.COM>.
> Now i would like to establish trust with IPA as a sub domain
> of BLUE.COM <http://BLUE.COM>.
> I followed the guide and when reaching to trust agreement creation i
> stumbled into this error:
> ipa trust-add --type=ad blue.com <http://blue.com> --admin
> Active directory domain administrator's password:
> ipa: ERROR: invalid 'AD domain controller': unsupported
can you check the domain and forest functional levels of your domains?
You can find this information in the 'Active Directory Domains and
Trusts' utility by right-clicking the domain name and selecting
properties? iirc the minimal level we support in 2003R2.
> Both AD server are 2008 R2.
> IPA version is 3.3, installed on RHEL 7.
> Help will be appreciated.
> Manage your subscription for the Freeipa-users mailing list:
> Go To http://freeipa.org for more info on the project
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project