Re: [Freeipa-users] ipa trust-add seems to work, but doesn't add the trust in FreeIPA
On Thu, 10 Mar 2016, Darren Poulson wrote:
> Hi,
>
> So, after I got the ipa-adtrust-install working, I tried to create a trust between our freeipa cluster, and a new AD machine. It seemed to run ok, and gave an output, but in the ui under trusts, there is nothing.
>
> [root@freeipa1-01 httpd]# ipa trust-add --type=ad ad.genops --admin Administrator
> Active Directory domain administrator's password:
> --
> Added Active Directory trust for realm "ad.genops"
> --
>   Realm name: ad.genops
>   Domain NetBIOS name: AD
>   Domain Security Identifier: S-1-5-21-1113268607-2619903336-2585939669
>   SID blacklist incoming: S-1-5-20, S-1-5-3, S-1-5-2, S-1-5-1, S-1-5-7, S-1-5-6, S-1-5-5, S-1-5-4, S-1-5-9, S-1-5-8, S-1-5-17, S-1-5-16, S-1-5-15, S-1-5-14, S-1-5-13, S-1-5-12, S-1-5-11, S-1-5-10, S-1-3, S-1-2, S-1-1, S-1-0, S-1-5-19, S-1-5-18
>   SID blacklist outgoing: S-1-5-20, S-1-5-3, S-1-5-2, S-1-5-1, S-1-5-7, S-1-5-6, S-1-5-5, S-1-5-4, S-1-5-9, S-1-5-8, S-1-5-17, S-1-5-16, S-1-5-15, S-1-5-14, S-1-5-13, S-1-5-12, S-1-5-11, S-1-5-10, S-1-3, S-1-2, S-1-1, S-1-0, S-1-5-19, S-1-5-18
>   Trust direction: Trusting forest
>   Trust type: Active Directory domain
>   Trust status: Established and verified
>
> [root@freeipa1-01 httpd]# ipa trust-fetch-domains ad.genops
> ipa: ERROR: no matching entry found
>
> Any pointers as to where to start looking? It seems to have added the id range for AD, as well as the Default Trust View. Just not the actual trust. I can see the trust has been created on the AD side fine.

http://www.freeipa.org/page/Active_Directory_trust_setup#Debugging_trust

--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

[Freeipa-users] ipa trust-add seems to work, but doesn't add the trust in FreeIPA
Hi,

So, after I got the ipa-adtrust-install working, I tried to create a trust between our freeipa cluster, and a new AD machine. It seemed to run ok, and gave an output, but in the ui under trusts, there is nothing.

[root@freeipa1-01 httpd]# ipa trust-add --type=ad ad.genops --admin Administrator
Active Directory domain administrator's password:
--
Added Active Directory trust for realm "ad.genops"
--
  Realm name: ad.genops
  Domain NetBIOS name: AD
  Domain Security Identifier: S-1-5-21-1113268607-2619903336-2585939669
  SID blacklist incoming: S-1-5-20, S-1-5-3, S-1-5-2, S-1-5-1, S-1-5-7, S-1-5-6, S-1-5-5, S-1-5-4, S-1-5-9, S-1-5-8, S-1-5-17, S-1-5-16, S-1-5-15, S-1-5-14, S-1-5-13, S-1-5-12, S-1-5-11, S-1-5-10, S-1-3, S-1-2, S-1-1, S-1-0, S-1-5-19, S-1-5-18
  SID blacklist outgoing: S-1-5-20, S-1-5-3, S-1-5-2, S-1-5-1, S-1-5-7, S-1-5-6, S-1-5-5, S-1-5-4, S-1-5-9, S-1-5-8, S-1-5-17, S-1-5-16, S-1-5-15, S-1-5-14, S-1-5-13, S-1-5-12, S-1-5-11, S-1-5-10, S-1-3, S-1-2, S-1-1, S-1-0, S-1-5-19, S-1-5-18
  Trust direction: Trusting forest
  Trust type: Active Directory domain
  Trust status: Established and verified

[root@freeipa1-01 httpd]# ipa trust-fetch-domains ad.genops
ipa: ERROR: no matching entry found

Any pointers as to where to start looking? It seems to have added the id range for AD, as well as the Default Trust View. Just not the actual trust. I can see the trust has been created on the AD side fine.

FreeIPA 4.2 on CentOS 7
Windows 2012R2

TIA

Darren.