Trust is successfully established

ipa trust-find
---------------
1 trust matched
---------------
  Realm name: ad_domain.local
  Domain NetBIOS name: AD_DOMAIN

and I can get a Kerberos ticket and access to services

KRB5_TRACE=/dev/stderr kvno -S cifs ADDC.AD_DOMAIN
[3552] 1467143851.633980: Received creds for desired service cifs/ADDC.AD_DOMAIN
[3552] 1467143851.634008: Storing my_user@AD_DOMAIN -> cifs/ADDC@AD_DOMAIN in KEYRING:persistent:0:krb_ccache_02UjQwj
cifs/ADDC.AD_DOMAIN: kvno = 29

time is also correct and matches on both ipa and Domain Controller
When I go with the last few steps to add external AD group to the IPA
--external I get the following

ipa group-add-member ad_domain_admins_external --external 'AD_DOMAIN\Ops_Admins'
[member user]:
[member group]:
  Group name: ad_domain_admins_external
  Description: ad_domain_admins external map
  Failed members:
    member user:
    member group: AD_DOMAIN\Ops_Admins: trusted domain object not found
-------------------------
Number of members added 0

I have verified the Ops_Admins is readable by everyone in Active Directory. 
In error_log I get

[:error] [pid 2619] ipa: INFO: [jsonserver_session] admin@IPA_DOMAIN: group_add_member(u'ad_domain_admins_external', ipaexternalmember=(u'AD_DOMAIN\\\\Ops_Admins',), all=False, raw=False, version=u'2.156', no_members=False): SUCCESS

Any idea on what steps I'm missing or what other things to check?
Thanks