Hello,

I'm trying to setup trust with our AD domain in test environment, but I've got an error: ipa trust-add --type=ad test.local --two-way=1 --admin Administrator --password


ipa: ERROR: CIFS server communication error: code "-1073741725",
message "User exists" (both may be "None").

After enabling log level = 100 in /var/log/httpd/error_log I have:
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fcca804f880
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fcca804f880
     lsa_CreateTrustedDomainEx2: struct lsa_CreateTrustedDomainEx2
        out: struct lsa_CreateTrustedDomainEx2
            trustdom_handle          : *
                trustdom_handle: struct policy_handle
                    handle_type              : 0x00000000 (0)
uuid : 00000000-0000-0000-0000-000000000000
            result                   : NT_STATUS_USER_EXISTS
rpc reply data:
[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[0010] 00 00 00 00 63 00 00 C0                            ....c...
[Wed Feb 24 12:44:21.039930 2016] [:error] [pid 17911] ipa: INFO: [jsonserver_kerb] ad...@linux.test.LOCAL: trust_add(u'test.local', trust_type=u'ad', realm_admin=u'Administrator', realm_passwd=u'********', bidirectional=True, all=False, raw=False, version=u'2.156'): RemoteRetrieveError

FreeIPA domain is configured as subdomain linux.test.local of our main domain test.local (on DNS I've added NS records for subdomain delegation).

FreeIPA server:
CentOS 7.2
ipa-server-4.2.0-15.el7_2.6.x86_64
ipa-server-trust-ad-4.2.0-15.el7_2.6.x86_64

AD server:
Windows 2012 with about 2k users.

--
Regards
Daniel Kubiak

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to