Probably there are better ways to solve this issue but the way that works for
me is to validate the trust from the AD side after a reboot of the IPA Server -
it always shows as offline for me too. On 2012 Server you can do this through
Active Directory Domains and Trusts - properties on your domain and go to trust
tab - properties again. Next you press validate on the General tab. AD will ask
for authentication but that can be skipped.
AD Trust will be back online right away and you can check it through wbinfo
Probably the procedure are similar on Server 2008.
From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on
behalf of Mark Gardner [malek...@gmail.com]
Sent: Friday, June 27, 2014 20:23
Subject: [Freeipa-users] Help: Rebooted IPA server and AD Trust shows offline
Was trying to add an external ad group to IPA, it kept failing with unable to
connect to server.
Figured I'd reboot to clear things up. Oops.
Now wbinfo --online-status shows are AD as offline.
wbinfo -u shows blank
wbinfo -n 'DOMAIN\user' gives the following message:
failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND
could not lookup 'Domain\user'
I saw a similar post in the freeipa-users archive about adding
client min protocol = CORE
client max protocol = SMB2_02
to the samba config; restarted winbind and still getting errors
Windows 2008 R2.
This e-mail is private and confidential between the sender and the addressee.
In the event of misdirection, the recipient is prohibited from using, copying
or disseminating it or any information in it. Please notify the above if any
Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project