On 12.8.2016 02:18, Paul Smith wrote: > I'm having issues establishing Trust with an existing Active Directory > domain (Windows Server 2012 R2). I can get IPA up and running and have > spent the day troubleshooting DNS\Kerberos > > I think the main issue is something remaining in kerberos but i'm not sure > what. > I followed the deployment and troubleshooting guide as best I could with my > environment. > The problem happens when I try the ipa trust-add. I get a message: > ipa: ERROR: AD domain controller complains about communication sequence > > I know that my time zone and time is in sync with the same server. > This is a proof-of-concept design that I'd like to explore\learn more > about. Below are details on the linux environment: > > *uname -a* > Linux dclinux.linuxtrust.local 4.4.0-34-generic #53-Ubuntu SMP Wed Jul 27 > 16:06:39 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux > > *lsb_release -a* > No LSB modules are available. > Distributor ID: Ubuntu > Description: Ubuntu 16.04.1 LTS > Release: 16.04 > Codename: xenial > > *ipa --version* > VERSION: 4.3.1, API_VERSION: 2.164 > > If anyone can help, I'd be more than willing to post the detailed samba > logs, as this is just a local lab environment
I would recommend you to start with http://www.freeipa.org/page/Troubleshooting#Trusts :-) -- Petr^2 Spacek -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project