Hi

Dealing with AD --> Cert Trust I am reaching the following step:

 ipa trust-add  ad.company.com  --admin <user>  --password
Active Directory domain administrator's password:
ipa: ERROR: AD DC was unable to reach any IPA domain controller. Most likely it is a DNS or firewall issue


Reaching this far I do not know what the issue is .. Nevertheless and before start playing around with the DNS further more....


if I run the following it seems to successfully establish the trust by the IPA side of the business

# ipa trust-add --type=ad "ad_domain" --trust-secret

So this part seems find by the look of it..



I also had to manually add the AD host and the remote CIFS resource but I am getting instead:

ipa trust-fetch-domains corp.hootsuitemedia.com
ipa: ERROR: AD domain controller complains about communication sequence. It may mean unsynchronized time on both sides, for example

on the log for kerberos I get:

krb5kdc[23951](info): TGS_REQ (6 etypes {18 17 16 23 25 26}) 10.0.146.161: BAD_ENCRYPTION_TYPE: authtime 0, HTTP/freeipaserver.ldap.company.com@LDAP.COMPANY.COMfor cifs/server1.ad.company....@ldap.company.com, KDC has no support for encryption type



Any idea? tips?

Thanks very much!


--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to