On Wed, 07 Sep 2016, Troels Hansen wrote:

----- On Sep 7, 2016, at 9:55 AM, Alexander Bokovoy aboko...@redhat.com wrote:

"Target was not recognized" means AD DC doesn't know that
rhel02edv.linux.dr.dk belongs to LINUX.DR.DK realm and thus has to
forward the authentication requests there.

What do you have in the trust properties on AD side? Specifically, what
does name routing suffixes show there?

Yes, its correct, there is no routing configured.
I can't see to be able to add it manually, and auto refresh doesn't work:
https://fedorahosted.org/freeipa/ticket/5683
How exactly did you establish the trust? I see you have one-way trust
but did you establish it with AD admin credentials or using a shared
secret? If the latter, it is a known issue that AD does not activate the
trust for shared secret one-way case and aforementioned bug prevents us
to validate the rust afterwards.
--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to