I Am using windows 2008 R2.
when i am giving IPA's DNS name and click next, the trust wizard is not
going through. But if i am selecting realm trust , atleast the wizard
So which AD version is recommended ?
On Fri, May 27, 2016 at 7:05 AM, Alexander Bokovoy <aboko...@redhat.com>
> On Fri, 27 May 2016, Ben .T.George wrote:
>> i ran some commands from AD side and the Trust status got changed.Below is
>> the command i used on AD
>> netdom trust <TrustingDomainName> /d:<TrustedDomainName> /verify
>> Before it was : "waiting for confirmation by remote side" and not it got
>> changed to "Trust type: Active Directory domain"
>> But when i am trying to map AD group, it not going through
>> root@zkwipamstr01 ~]# ipa group-add-member ad_admins_external --external
>> 'MTC_TABS\Domain Users'
>> [member user]:
>> [member group]:
>> Group name: ad_admins_external
>> Description: ad_domain admins external map
>> Failed members:
>> member user:
>> *member group: MTC_TABS\Domain Users: trusted domain object not found *
>> Number of members added 0
>> This is what my trust properties from AD. Trust type is showing as realm
> It should be 'Forest', not 'realm'. Realm is for plain MIT Kerberos
> realm trust which is *not* what IPA provides.
> [image: Inline image 1]
>> How can i fix this issue.
> Use correct type of trust when establishing trust on AD side. If your
> Windows version does not allow to specify proper trust type, I'm afraid,
> there is nothing we can help with.
> / Alexander Bokovoy
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project