Hi, So, after I got the ipa-adtrust-install working, I tried to create a trust between our freeipa cluster, and a new AD machine.
It seemed to run ok, and gave an output, but in the ui under trusts, there is nothing. [root@freeipa1-01 httpd]# ipa trust-add --type=ad ad.genops --admin Administrator Active Directory domain administrator's password: -------------------------------------------------- Added Active Directory trust for realm "ad.genops" -------------------------------------------------- Realm name: ad.genops Domain NetBIOS name: AD Domain Security Identifier: S-1-5-21-1113268607-2619903336-2585939669 SID blacklist incoming: S-1-5-20, S-1-5-3, S-1-5-2, S-1-5-1, S-1-5-7, S-1-5-6, S-1-5-5, S-1-5-4, S-1-5-9, S-1-5-8, S-1-5-17, S-1-5-16, S-1-5-15, S-1-5-14, S-1-5-13, S-1-5-12, S-1-5-11, S-1-5-10, S-1-3, S-1-2, S-1-1, S-1-0, S-1-5-19, S-1-5-18 SID blacklist outgoing: S-1-5-20, S-1-5-3, S-1-5-2, S-1-5-1, S-1-5-7, S-1-5-6, S-1-5-5, S-1-5-4, S-1-5-9, S-1-5-8, S-1-5-17, S-1-5-16, S-1-5-15, S-1-5-14, S-1-5-13, S-1-5-12, S-1-5-11, S-1-5-10, S-1-3, S-1-2, S-1-1, S-1-0, S-1-5-19, S-1-5-18 Trust direction: Trusting forest Trust type: Active Directory domain Trust status: Established and verified [root@freeipa1-01 httpd]# ipa trust-fetch-domains ad.genops ipa: ERROR: no matching entry found Any pointers as to where to start looking? It seems to have added the id range for AD, as well as the Default Trust View. Just not the actual trust. I can see the trust has been created on the AD side fine. FreeIPA 4.2 on CentOS 7 Windows 2012R2 TIA Darren.
smime.p7s
Description: S/MIME cryptographic signature
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project