Hi, I have re-installed everything. My current versions are CentOS 7 with IPA 4.1.

I followed this tutorial: http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup

When I fetch, it was successful:

    [root@kwtpocpbis01 ~]# ipa trustdomain-find "infra.com"
      Domain name: infra.com
      Domain NetBIOS name: INFRA
      Domain Security Identifier: S-1-5-21-191287045-4012216658-3592112898
      Domain enabled: True
    ----------------------------
    Number of entries returned 1
    ----------------------------

When I went through "Allow access for users from AD domain to protected resources", I am getting errors:

    [root@kwtpocpbis01 ~]# ipa group-add --desc='infra.com users external map' ad_users_external --external
    -------------------------------
    Added group "ad_users_external"
    -------------------------------
      Group name: ad_users_external
      Description: infra.com users external map

    [root@kwtpocpbis01 ~]# ipa group-add --desc='infra.com users' ad_users
    ----------------------
    Added group "ad_users"
    ----------------------
      Group name: ad_users
      Description: infra.com users
      GID: 643400005

    [root@kwtpocpbis01 ~]# ipa group-add-member ad_users_external --external 'INFRA\Domain Users'
    [member user]:
    [member group]:
      Group name: ad_users_external
      Description: infra.com users external map
      Failed members:
        member user:
        member group: INFRA\Domain Users: trusted domain object not found
    -------------------------
    Number of members added 0
    -------------------------

    [root@kwtpocpbis01 ~]# ipa group-add-member ad_users --groups ad_users_external
      Group name: ad_users
      Description: infra.com users
      GID: 643400005
      Member groups: ad_users_external
    -------------------------
    Number of members added 1
    -------------------------

Please help me to solve this issue. The error below appears in httpd/error_log while trying:

    ipa group-add-member ad_users_external --external 'INFRA\Domain Users'

    [Thu Mar 05 11:36:37.371594 2015] [:error] [pid 4090] ipa: WARNING: Search on AD DC kwtipaad001.infra.com:3268 failed with: Insufficient access: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Ticket not yet valid)
    [Thu Mar 05 11:36:37.374280 2015] [:error] [pid 4090] ipa: INFO: [jsonserver_kerb] admin@SOLARIS.LOCAL: group_add_member(u'ad_users_external', ipaexternalmember=(u'INFRA\\\\Domain Users',), all=False, raw=False, version=u'2.113', no_members=False): SUCCESS

Thanks & Regards,
Ben
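
An added example, not part of the original post and not FreeIPA code: a parser for the two httpd error_log lines quoted above that extracts the AD DC, the GSSAPI minor-status text, and the IPA command logged next by the same process. "Ticket not yet valid" is the Kerberos error raised when a ticket's start time is ahead of the accepting host's clock, so the script maps it to a time-sync check; the hint table and the function and variable names are assumptions of this example.

```python
import re

# Constructed sample: the two error_log lines quoted in the post.
SAMPLE_LOG = r"""[Thu Mar 05 11:36:37.371594 2015] [:error] [pid 4090] ipa: WARNING: Search on AD DC kwtipaad001.infra.com:3268 failed with: Insufficient access: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Ticket not yet valid)
[Thu Mar 05 11:36:37.374280 2015] [:error] [pid 4090] ipa: INFO: [jsonserver_kerb] admin@SOLARIS.LOCAL: group_add_member(u'ad_users_external', ipaexternalmember=(u'INFRA\\\\Domain Users',), all=False, raw=False, version=u'2.113', no_members=False): SUCCESS
"""

PREFIX = r"^\[(?P<ts>[^\]]+)\] \[[^\]]*\] \[pid (?P<pid>\d+)\] ipa: "
# Failed Global Catalog search; the GSSAPI minor status is the last parenthesised text.
SEARCH_FAIL = re.compile(
    PREFIX + r"WARNING: Search on AD DC (?P<dc>\S+) failed with: "
    r".*GSSAPI Error: .*\((?P<minor>[^()]*)\)\s*$")
# Command audit line: principal, command name, final result.
COMMAND = re.compile(
    PREFIX + r"INFO: \[\w+\] (?P<principal>\S+): (?P<cmd>\w+)\(.*\): (?P<result>\S+)\s*$")

# Assumed hint table for this example, keyed on the Kerberos minor-status text.
HINTS = {
    "Ticket not yet valid": "ticket start time is ahead of the acceptor's clock; "
                            "compare time sync on the IPA server and the AD DC",
    "Clock skew too great": "clocks differ by more than the allowed skew; "
                            "compare time sync on the IPA server and the AD DC",
}

def analyze(log_text):
    """Pair each failed AD DC search with the next command logged by the same pid."""
    findings, pending = [], {}  # pending: pid -> finding awaiting its command line
    for line in log_text.splitlines():
        m = SEARCH_FAIL.match(line)
        if m:
            finding = {"time": m["ts"], "dc": m["dc"], "minor": m["minor"],
                       "hint": HINTS.get(m["minor"], "unclassified GSSAPI minor status"),
                       "command": None, "logged_result": None}
            findings.append(finding)
            pending[m["pid"]] = finding
            continue
        m = COMMAND.match(line)
        if m and m["pid"] in pending:
            finding = pending.pop(m["pid"])
            finding["command"], finding["logged_result"] = m["cmd"], m["result"]
    return findings

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f['time']}  DC {f['dc']}: {f['minor']} -> {f['hint']}")
        print(f"  next command: {f['command']} logged as {f['logged_result']}")
```

On the quoted lines the command is logged as SUCCESS even though the CLI reported "Number of members added 0", so monitoring that keys only on the command result would miss the failed lookup; the WARNING line is the one to alert on.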