Hello,

I'm trying to set up trust with our AD domain in a test environment, but I've got an error:

ipa trust-add --type=ad test.local --two-way=1 --admin Administrator --password

ipa: ERROR: CIFS server communication error: code "-1073741725",
message "User exists" (both may be "None").

After enabling log level = 100 in /var/log/httpd/error_log I have:
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fcca804f880
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fcca804f880
     lsa_CreateTrustedDomainEx2: struct lsa_CreateTrustedDomainEx2
        out: struct lsa_CreateTrustedDomainEx2
            trustdom_handle          : *
                trustdom_handle: struct policy_handle
                    handle_type              : 0x00000000 (0)
                    uuid                     : 00000000-0000-0000-0000-000000000000
            result                   : NT_STATUS_USER_EXISTS
rpc reply data:
[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[0010] 00 00 00 00 63 00 00 C0                            ....c...
[Wed Feb 24 12:44:21.039930 2016] [:error] [pid 17911] ipa: INFO: [jsonserver_kerb] ad...@linux.test.LOCAL: trust_add(u'test.local', trust_type=u'ad', realm_admin=u'Administrator', realm_passwd=u'********', bidirectional=True, all=False, raw=False, version=u'2.156'): RemoteRetrieveError

The FreeIPA domain is configured as a subdomain linux.test.local of our main domain test.local (in DNS I've added NS records for subdomain delegation).

FreeIPA server:
CentOS 7.2
ipa-server-4.2.0-15.el7_2.6.x86_64
ipa-server-trust-ad-4.2.0-15.el7_2.6.x86_64

AD server:
Windows 2012 with about 2k users.

--
Regards
Daniel Kubiak
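
Added example, not part of the original post and not FreeIPA or Samba code: a small Python helper that rebuilds the "rpc reply data" hex dump from the log above and shows that its trailing bytes, the `result` field, and the signed code in the ipa error are the same NTSTATUS value. The function names are hypothetical, and it assumes a little-endian NDR reply whose last four bytes are the return status, as in this dump.

```python
import re
import struct

# The two "rpc reply data" hex-dump lines from the log in the post.
SAMPLE_DUMP = """\
[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[0010] 00 00 00 00 63 00 00 C0                            ....c...
"""

KNOWN = {0xC0000063: "NT_STATUS_USER_EXISTS"}  # only the status seen in this log
HEX_LINE = re.compile(r"^\[([0-9A-Fa-f]{4,8})\]\s+((?:[0-9A-Fa-f]{2}\s{1,2}){1,16})")

def dump_to_bytes(text):
    """Rebuild the raw buffer from '[offset] hex bytes  ascii' dump lines."""
    buf = bytearray()
    for line in text.splitlines():
        m = HEX_LINE.match(line.strip())
        if not m:
            continue  # not a dump line (other log output)
        if int(m.group(1), 16) != len(buf):
            raise ValueError("gap in dump before: " + line)
        buf += bytes.fromhex(m.group(2))
    return bytes(buf)

def decode_ntstatus(value):
    """Split a 32-bit NTSTATUS into its fields; accepts the signed form too."""
    value &= 0xFFFFFFFF  # -1073741725 becomes 0xC0000063
    return {
        "hex": "0x%08X" % value,
        "severity": ("success", "informational", "warning", "error")[value >> 30],
        "customer": bool(value & 0x20000000),
        "facility": (value >> 16) & 0x0FFF,
        "code": value & 0xFFFF,
        "name": KNOWN.get(value, "unknown"),
    }

def status_from_reply(dump_text):
    """Assumption: the reply ends with the little-endian 32-bit return status."""
    raw = dump_to_bytes(dump_text)
    if len(raw) < 4:
        raise ValueError("reply too short to carry a status")
    (status,) = struct.unpack("<I", raw[-4:])
    return decode_ntstatus(status)

if __name__ == "__main__":
    print(status_from_reply(SAMPLE_DUMP))
    print(decode_ntstatus(-1073741725))
```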
