On 02/27/2015 10:01 AM, mete bilgin wrote:

2015-02-27 10:45 GMT+02:00 Martin Kosek <mko...@redhat.com
<mailto:mko...@redhat.com>>:

    On 02/27/2015 09:39 AM, mete bilgin wrote:



        2015-02-27 10:33 GMT+02:00 Martin Kosek <mko...@redhat.com
        <mailto:mko...@redhat.com>
        <mailto:mko...@redhat.com <mailto:mko...@redhat.com>>>:

             On 02/27/2015 09:30 AM, mete bilgin wrote:

                 Hello,

                 I'm trying to install ipa-server with trust (Win 2008R2).
                 trustdomain-find will
                 work but when i try to trust-fetch-domains "ipa: ERROR: AD 
domain
                 controller
                 complains about communication sequence. It may mean
        unsynchronized time
                 on both
                 sides, for example" return. Force to reinstall adtrust. Have
        any idea
                 where is
                 the problem?


             You probably done that, but did you indeed verify that the time on
        both
             your IPA server and AD are the same?

        
http://www.freeipa.org/page/____Howto/IPAv3_AD_trust_setup#____Date.2Ftime_settings
        
<http://www.freeipa.org/page/__Howto/IPAv3_AD_trust_setup#__Date.2Ftime_settings>

        
<http://www.freeipa.org/page/__Howto/IPAv3_AD_trust_setup#__Date.2Ftime_settings
        
<http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup#Date.2Ftime_settings>>

             Martin

        Yes i did that.
        [root@ipa01 log]# ntpdate -u
        27 Feb 10:37:00 ntpdate[11281]: adjust time server 192.168.12.239 offset
        -0.016979 sec

        By the way,
        #wbinfo --online-status

        BUILTIN : online
        ipadomain: online
        addomain : offline


    Right. Did you also check the actual AD? Especially when AD is in a VM, or
    of if for example it's time zone is wrong, the UTC time may not match.

    Martin

On AD time zone (UTC+02:00) Istanbul and the same time with ipa server.


Ok, thanks. It was worth a try. If this is the case, I think you will simply need to follow our guide for debugging Trusts and send us the logs:

http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup#Debugging_trust

Thanks,
Martin

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to