Re: [Freeipa-users] Troubleshooting Forest-Trust to AD

2016-08-15 Thread Alexander Bokovoy

On Mon, 15 Aug 2016, Petr Spacek wrote:

> On 12.8.2016 02:18, Paul Smith wrote:
>> I'm having issues establishing Trust with an existing Active Directory
>> domain (Windows Server 2012 R2). I can get IPA up and running and have
>> spent the day troubleshooting DNS\Kerberos.
>>
>> I think the main issue is something remaining in Kerberos but I'm not sure
>> what.
>> I followed the deployment and troubleshooting guide as best I could with my
>> environment.
>> The problem happens when I try the ipa trust-add. I get a message:
>> ipa: ERROR: AD domain controller complains about communication sequence
>>
>> I know that my time zone and time are in sync with the same server.
>> This is a proof-of-concept design that I'd like to explore\learn more
>> about. Below are details on the Linux environment:
>>
>> *uname -a*
>> Linux dclinux.linuxtrust.local 4.4.0-34-generic #53-Ubuntu SMP Wed Jul 27
>> 16:06:39 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
>>
>> *lsb_release -a*
>> No LSB modules are available.
>> Distributor ID: Ubuntu
>> Description:    Ubuntu 16.04.1 LTS
>> Release:        16.04
>> Codename:       xenial
>>
>> *ipa --version*
>> VERSION: 4.3.1, API_VERSION: 2.164
>>
>> If anyone can help, I'd be more than willing to post the detailed Samba
>> logs, as this is just a local lab environment.

Unless things changed, Ubuntu-built Samba is linked with Heimdal
kerberos, not MIT Kerberos, and thus cannot be used with FreeIPA for
trust setup.

See https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1552249
--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
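
One way to check the condition described in the reply above, i.e. which Kerberos implementation a Samba binary is linked against. This is an added example, not part of the original thread or of FreeIPA; the function names, the library-name patterns (typical MIT krb5 and Heimdal sonames) and the sample `ldd` excerpts are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. The soname patterns are assumptions based on how MIT krb5
# and Heimdal libraries are usually named; adjust them for your distribution.

# Read `ldd` output on stdin and print one of: mit, heimdal, mixed, none.
classify_krb5() {
    awk '
        # Heimdal-only helper libraries, Heimdal libkrb5 soname, or a copy bundled with Samba
        /libroken|libheimbase|libhx509|libhcrypto|libkrb5\.so\.26|libkrb5-samba4/ { heimdal = 1 }
        # MIT-only helper libraries or the MIT libkrb5 soname
        /libk5crypto|libkrb5support|libgssapi_krb5|libkrb5\.so\.3/ { mit = 1 }
        END {
            if (heimdal && mit) print "mixed"
            else if (heimdal)   print "heimdal"
            else if (mit)       print "mit"
            else                print "none"
        }'
}

# Classify an installed binary, e.g.: check_samba_krb5 /usr/sbin/smbd
# (the path is an assumption; use wherever your smbd lives).
check_samba_krb5() {
    ldd "$1" 2>/dev/null | classify_krb5
}

# Constructed ldd excerpts, not captured from a real host.
SAMPLE_HEIMDAL='    libkrb5.so.26 => /usr/lib/x86_64-linux-gnu/libkrb5.so.26 (0x00007f0000100000)
    libroken.so.18 => /usr/lib/x86_64-linux-gnu/libroken.so.18 (0x00007f0000200000)
    libhx509.so.5 => /usr/lib/x86_64-linux-gnu/libhx509.so.5 (0x00007f0000300000)'

SAMPLE_MIT='    libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007f0000100000)
    libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007f0000200000)
    libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x00007f0000300000)'

SAMPLE_NONE='    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0000100000)'
```

A result of `heimdal` or `mixed` for `smbd` matches the situation the reply describes for Ubuntu-built Samba.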


Re: [Freeipa-users] Troubleshooting Forest-Trust to AD

2016-08-15 Thread Petr Spacek
On 12.8.2016 02:18, Paul Smith wrote:
> I'm having issues establishing Trust with an existing Active Directory
> domain (Windows Server 2012 R2). I can get IPA up and running and have
> spent the day troubleshooting DNS\Kerberos.
> 
> I think the main issue is something remaining in Kerberos but I'm not sure
> what.
> I followed the deployment and troubleshooting guide as best I could with my
> environment.
> The problem happens when I try the ipa trust-add. I get a message:
> ipa: ERROR: AD domain controller complains about communication sequence
> 
> I know that my time zone and time are in sync with the same server.
> This is a proof-of-concept design that I'd like to explore\learn more
> about. Below are details on the Linux environment:
> 
> *uname -a*
> Linux dclinux.linuxtrust.local 4.4.0-34-generic #53-Ubuntu SMP Wed Jul 27
> 16:06:39 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
> 
> *lsb_release -a*
> No LSB modules are available.
> Distributor ID: Ubuntu
> Description:    Ubuntu 16.04.1 LTS
> Release:        16.04
> Codename:       xenial
> 
> *ipa --version*
> VERSION: 4.3.1, API_VERSION: 2.164
> 
> If anyone can help, I'd be more than willing to post the detailed Samba
> logs, as this is just a local lab environment.

I would recommend you to start with
http://www.freeipa.org/page/Troubleshooting#Trusts

:-)

-- 
Petr^2 Spacek
