Hi Alexander,
I do belive is a DNS problem, the command failing are

host -t srv _ldap._tcp.ad_domain
dig SRV _ldap._tcp.ad_domain
after checkig the logs a see this error
"no valid DS resolving '_ldap._tcp.ad_domain /SRV/IN':"

so i disable the dnssec validation on IPA and it work as expected, i will
setup dnssec on the windows side and enable dns validation once more on IPA
to see if can get the same outcome.

Thanks for you answer

2016-10-20 10:10 GMT-04:00 Alexander Bokovoy <aboko...@redhat.com>:

> On to, 20 loka 2016, Carlos Raúl Laguna wrote:
>> Hello everyone,
>> Both server are fresh install 2008r2 and fedora 24 server freeipa 4.3.2 as
>> documentation explain in
>> http://www.freeipa.org/page/Active_Directory_trust_setup#If_
>> AD_is_subdomain_of_IPA
>> however the server is unable to resolve any record from my child domain, i
>> found
>> this bug https://fedorahosted.org/freeipa/ticket/6062, but not sure if
>> this
>> version of IPA is affected by it.
>> The procedure in the documentation is still valid ?.
> Given that you have literally provided no logs that would help to help
> you, let's start from it.
> Show what's your problem is through the logs. What exact commands are
> failing? If you suspect DNS issues, show your named-pkcs11's logs.
> --
> / Alexander Bokovoy
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to