On Wed, Feb 03, 2016 at 11:17:46AM -0600, Josh Pospisil wrote:
> I have successfully set up a trust between AD (windows server 2012) and
> freeIPA following this guide:
> http://www.freeipa.org/page/Active_Directory_trust_setup
> 
> My hope in doing this was to allow the users I have created on the freeIPA
> server to logon to our windows computers without recreating all of the
> users in AD, but this is not working.  Can anyone verify whether or not
> this should be true or does the trust only work the opposite direction?  If
> it should be true, can anyone offer any tips for troubleshooting?

no, this is currently not possible because a Global Catalog is needed
on the FreeIPA side. This is currently work-in-progress and tracked by
https://fedorahosted.org/freeipa/ticket/3125 .

> 
> When I try to verify the trust on the AD server, I get the following error:
> "There are currently no logon servers available to service the logon
> request."
> 
> Dns was setup as described in the guide above.

Did you open all the firewall ports listed at the end of
ipa-adtrust-install?

HTH

bye,
Sumit

> 
> Thanks in advance for any help.
> 
> 
> Josh

> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to