On Fri, 27 May 2016, Ben .T.George wrote:
i ran some commands from AD side and the Trust status got changed.Below is
the command i used on AD
netdom trust <TrustingDomainName> /d:<TrustedDomainName> /verify
Before it was : "waiting for confirmation by remote side" and not it got
changed to "Trust type: Active Directory domain"
But when i am trying to map AD group, it not going through
root@zkwipamstr01 ~]# ipa group-add-member ad_admins_external --external
Group name: ad_admins_external
Description: ad_domain admins external map
*member group: MTC_TABS\Domain Users: trusted domain object not found *
Number of members added 0
This is what my trust properties from AD. Trust type is showing as realm
It should be 'Forest', not 'realm'. Realm is for plain MIT Kerberos
realm trust which is *not* what IPA provides.
[image: Inline image 1]
How can i fix this issue.
Use correct type of trust when establishing trust on AD side. If your
Windows version does not allow to specify proper trust type, I'm afraid,
there is nothing we can help with.
/ Alexander Bokovoy
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project