Hi Alexander, I do belive is a DNS problem, the command failing are host -t srv _ldap._tcp.ad_domain or dig SRV _ldap._tcp.ad_domain after checkig the logs a see this error "no valid DS resolving '_ldap._tcp.ad_domain /SRV/IN': 10.20.4.22#53"
so i disable the dnssec validation on IPA and it work as expected, i will setup dnssec on the windows side and enable dns validation once more on IPA to see if can get the same outcome. Thanks for you answer 2016-10-20 10:10 GMT-04:00 Alexander Bokovoy <aboko...@redhat.com>: > On to, 20 loka 2016, Carlos Raúl Laguna wrote: > >> Hello everyone, >> >> Both server are fresh install 2008r2 and fedora 24 server freeipa 4.3.2 as >> documentation explain in >> http://www.freeipa.org/page/Active_Directory_trust_setup#If_ >> AD_is_subdomain_of_IPA >> >> however the server is unable to resolve any record from my child domain, i >> found >> this bug https://fedorahosted.org/freeipa/ticket/6062, but not sure if >> this >> version of IPA is affected by it. >> >> The procedure in the documentation is still valid ?. >> > Given that you have literally provided no logs that would help to help > you, let's start from it. > > Show what's your problem is through the logs. What exact commands are > failing? If you suspect DNS issues, show your named-pkcs11's logs. > > -- > / Alexander Bokovoy >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project