On 10/08/2014 07:29 AM, Genadi Postrilko wrote:
Both Domain functional level and Forest functional level are Windows Server 2008 R2.



Does blue.com actually resolves to the AD host?
May be there is some DNS misconfiguration on the Linux system where you run the command from.

2014-10-08 9:24 GMT+02:00 Sumit Bose <sb...@redhat.com <mailto:sb...@redhat.com>>:

    On Wed, Oct 08, 2014 at 02:42:47AM +0200, Genadi Postrilko wrote:
    > Hello.
    >
    > I am attempting to create trust between AD and IPA.
    >
    > I have deployed AD environment as follows:
    >
    > I have created domain RED.COM <http://RED.COM>
    > Then i add new domain tree root - BLUE.COM <http://BLUE.COM>.
    >
    > Now i would like to establish trust with IPA as a sub domain
    (LINUX.BLUE.COM <http://LINUX.BLUE.COM>)
    > of BLUE.COM <http://BLUE.COM>.
    >
    > I followed the guide and when reaching to trust agreement creation i
    > stumbled into this error:
    >
    >  ipa trust-add --type=ad blue.com <http://blue.com> --admin
    Administrator --password
    > Active directory domain administrator's password:
    > ipa: ERROR: invalid 'AD domain controller': unsupported
    functional level

    can you check the domain and forest functional levels of your domains?
    You can find this information in the 'Active Directory Domains and
    Trusts' utility by right-clicking the domain name and selecting
    properties? iirc the minimal level we support in 2003R2.

    bye,
    Sumit

    >
    > Both AD server are 2008 R2.
    > IPA version is 3.3, installed on RHEL 7.
    >
    > Help will be appreciated.
    >
    > Genadi.

    > --
    > Manage your subscription for the Freeipa-users mailing list:
    > https://www.redhat.com/mailman/listinfo/freeipa-users
    > Go To http://freeipa.org for more info on the project






--
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to