Trust is successfully established
ipa trust-find
---------------
1 trust matched
---------------
  Realm name: ad_domain.local
  Domain NetBIOS name: AD_DOMAIN

and I can get a Kerberos ticket and access to services:

KRB5_TRACE=/dev/stderr kvno -S cifs ADDC.AD_DOMAIN
[3552] 1467143851.633980: Received creds for desired service cifs/ADDC.AD_DOMAIN
[3552] 1467143851.634008: Storing my_user@AD_DOMAIN -> cifs/ADDC@AD_DOMAIN in KEYRING:persistent:0:krb_ccache_02UjQwj
cifs/ADDC.AD_DOMAIN: kvno = 29

Time is also correct and matches on both ipa and Domain Controller.

When I go with the last few steps to add external AD group to the IPA
--external I get the following:

ipa group-add-member ad_domain_admins_external --external 'AD_DOMAIN\Ops_Admins'
[member user]:
[member group]:
  Group name: ad_domain_admins_external
  Description: ad_domain_admins external map
  Failed members:
    member user:
    member group: AD_DOMAIN\Ops_Admins: trusted domain object not found
-------------------------
Number of members added 0

I have verified the Ops_Admins is readable by everyone in Active Directory.
In error_log I get
[:error] [pid 2619] ipa: INFO: [jsonserver_session] admin@IPA_DOMAIN:
group_add_member(u'ad_domain_admins_external',
ipaexternalmember=(u'AD_DOMAIN\\\\Ops_Admins',), all=False, raw=False,
version=u'2.156', no_members=False): SUCCESS
Any idea on what steps I'm missing or what other things to check?
thanks