HI Alex.

I Am using windows 2008 R2.

when i am giving IPA's DNS name and click next, the trust wizard is not
going through. But if i am selecting realm trust , atleast the wizard
completes.

So which AD version is recommended ?

Regards,
Ben

On Fri, May 27, 2016 at 7:05 AM, Alexander Bokovoy <aboko...@redhat.com>
wrote:

> On Fri, 27 May 2016, Ben .T.George wrote:
>
>> HI
>>
>> i ran some commands from AD side and the Trust status got changed.Below is
>> the command i used on AD
>>
>> netdom trust <TrustingDomainName> /d:<TrustedDomainName> /verify
>>
>>
>> Before it was : "waiting for confirmation by remote side" and not it got
>> changed to "Trust type: Active Directory domain"
>>
>> But when i am trying to map AD group, it not going through
>>
>>
>> root@zkwipamstr01 ~]# ipa group-add-member ad_admins_external --external
>> 'MTC_TABS\Domain Users'
>> [member user]:
>> [member group]:
>> Group name: ad_admins_external
>> Description: ad_domain admins external map
>> Failed members:
>>   member user:
>>   *member group: MTC_TABS\Domain Users: trusted domain object not found *
>> -------------------------
>> Number of members added 0
>> -------------------------
>>
>> This is what my trust properties from AD. Trust type is showing as realm
>>
> It should be 'Forest', not 'realm'. Realm is for plain MIT Kerberos
> realm trust which is *not* what IPA provides.
>
> [image: Inline image 1]
>>
>> How can i fix this issue.
>>
> Use correct type of trust when establishing trust on AD side. If your
> Windows version does not allow to specify proper trust type, I'm afraid,
> there is nothing we can help with.
>
> --
> / Alexander Bokovoy
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to