Hi,

So, after I got the ipa-adtrust-install working, I tried to create a trust
between our FreeIPA cluster and a new AD machine.

It seemed to run OK and gave an output, but in the UI under trusts, there
is nothing.

[root@freeipa1-01 httpd]# ipa trust-add --type=ad ad.genops --admin Administrator
Active Directory domain administrator's password:
--------------------------------------------------
Added Active Directory trust for realm "ad.genops"
--------------------------------------------------
  Realm name: ad.genops
  Domain NetBIOS name: AD
  Domain Security Identifier: S-1-5-21-1113268607-2619903336-2585939669
  SID blacklist incoming: S-1-5-20, S-1-5-3, S-1-5-2, S-1-5-1, S-1-5-7, S-1-5-6, S-1-5-5, S-1-5-4, S-1-5-9, S-1-5-8, S-1-5-17, S-1-5-16, S-1-5-15, S-1-5-14, S-1-5-13, S-1-5-12, S-1-5-11, S-1-5-10,
                          S-1-3, S-1-2, S-1-1, S-1-0, S-1-5-19, S-1-5-18
  SID blacklist outgoing: S-1-5-20, S-1-5-3, S-1-5-2, S-1-5-1, S-1-5-7, S-1-5-6, S-1-5-5, S-1-5-4, S-1-5-9, S-1-5-8, S-1-5-17, S-1-5-16, S-1-5-15, S-1-5-14, S-1-5-13, S-1-5-12, S-1-5-11, S-1-5-10,
                          S-1-3, S-1-2, S-1-1, S-1-0, S-1-5-19, S-1-5-18
  Trust direction: Trusting forest
  Trust type: Active Directory domain
  Trust status: Established and verified

[root@freeipa1-01 httpd]# ipa trust-fetch-domains ad.genops
ipa: ERROR: no matching entry found

Any pointers as to where to start looking? It seems to have added the ID
range for AD, as well as the Default Trust View. Just not the actual trust.
I can see the trust has been created on the AD side fine.

FreeIPA 4.2 on CentOS 7
Windows 2012R2

TIA

Darren.


