On Fri, 27 May 2016, Ben .T.George wrote:

i ran some commands from AD side and the Trust status got changed.Below is
the command i used on AD

netdom trust <TrustingDomainName> /d:<TrustedDomainName> /verify

Before it was : "waiting for confirmation by remote side" and not it got
changed to "Trust type: Active Directory domain"

But when i am trying to map AD group, it not going through

root@zkwipamstr01 ~]# ipa group-add-member ad_admins_external --external
'MTC_TABS\Domain Users'
[member user]:
[member group]:
Group name: ad_admins_external
Description: ad_domain admins external map
Failed members:
  member user:
  *member group: MTC_TABS\Domain Users: trusted domain object not found *
Number of members added 0

This is what my trust properties from AD. Trust type is showing as realm
It should be 'Forest', not 'realm'. Realm is for plain MIT Kerberos
realm trust which is *not* what IPA provides.

[image: Inline image 1]

How can i fix this issue.
Use correct type of trust when establishing trust on AD side. If your
Windows version does not allow to specify proper trust type, I'm afraid,
there is nothing we can help with.

/ Alexander Bokovoy

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to