HI Alex. I Am using windows 2008 R2.
when i am giving IPA's DNS name and click next, the trust wizard is not going through. But if i am selecting realm trust , atleast the wizard completes. So which AD version is recommended ? Regards, Ben On Fri, May 27, 2016 at 7:05 AM, Alexander Bokovoy <aboko...@redhat.com> wrote: > On Fri, 27 May 2016, Ben .T.George wrote: > >> HI >> >> i ran some commands from AD side and the Trust status got changed.Below is >> the command i used on AD >> >> netdom trust <TrustingDomainName> /d:<TrustedDomainName> /verify >> >> >> Before it was : "waiting for confirmation by remote side" and not it got >> changed to "Trust type: Active Directory domain" >> >> But when i am trying to map AD group, it not going through >> >> >> root@zkwipamstr01 ~]# ipa group-add-member ad_admins_external --external >> 'MTC_TABS\Domain Users' >> [member user]: >> [member group]: >> Group name: ad_admins_external >> Description: ad_domain admins external map >> Failed members: >> member user: >> *member group: MTC_TABS\Domain Users: trusted domain object not found * >> ------------------------- >> Number of members added 0 >> ------------------------- >> >> This is what my trust properties from AD. Trust type is showing as realm >> > It should be 'Forest', not 'realm'. Realm is for plain MIT Kerberos > realm trust which is *not* what IPA provides. > > [image: Inline image 1] >> >> How can i fix this issue. >> > Use correct type of trust when establishing trust on AD side. If your > Windows version does not allow to specify proper trust type, I'm afraid, > there is nothing we can help with. > > -- > / Alexander Bokovoy >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project