<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 10/08/2014 07:29 AM, Genadi
Postrilko wrote:<br>
</div>
<blockquote
cite="mid:CAPP+0vLqqEOV4WycZ2BKO0kJVdutQLFABXaqLUS1fhrNjPucpA@mail.gmail.com"
type="cite">
<div dir="rtl">
<div dir="ltr">Both Domain functional level and Forest
functional level are Windows Server 2008 R2.</div>
</div>
<div class="gmail_extra"><br>
</div>
</blockquote>
<br>
Does blue.com actually resolve to the AD host?<br>
Maybe there is some DNS misconfiguration on the Linux system where
you run the command from.<br>
<br>
<blockquote
cite="mid:CAPP+0vLqqEOV4WycZ2BKO0kJVdutQLFABXaqLUS1fhrNjPucpA@mail.gmail.com"
type="cite">
<div class="gmail_extra">
<div class="gmail_quote">
<div dir="ltr">2014-10-08 9:24 GMT+02:00 Sumit Bose <span
dir="ltr">&lt;<a moz-do-not-send="true"
href="mailto:sbose@redhat.com" target="_blank">sbose@redhat.com</a>&gt;</span>:</div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex"><span
class="">On Wed, Oct 08, 2014 at 02:42:47AM +0200, Genadi
Postrilko wrote:<br>
> Hello.<br>
><br>
> I am attempting to create trust between AD and IPA.<br>
><br>
> I have deployed AD environment as follows:<br>
><br>
> I have created domain <a moz-do-not-send="true"
href="http://RED.COM" target="_blank">RED.COM</a><br>
> Then I add new domain tree root - <a
moz-do-not-send="true" href="http://BLUE.COM"
target="_blank">BLUE.COM</a>.<br>
><br>
> Now I would like to establish trust with IPA as a sub
domain (<a moz-do-not-send="true"
href="http://LINUX.BLUE.COM" target="_blank">LINUX.BLUE.COM</a>)<br>
> of <a moz-do-not-send="true" href="http://BLUE.COM"
target="_blank">BLUE.COM</a>.<br>
><br>
> I followed the guide and when reaching to trust
agreement creation I<br>
> stumbled into this error:<br>
><br>
> ipa trust-add --type=ad <a moz-do-not-send="true"
href="http://blue.com" target="_blank">blue.com</a>
--admin Administrator --password<br>
> Active directory domain administrator's password:<br>
> ipa: ERROR: invalid 'AD domain controller':
unsupported functional level<br>
<br>
</span>can you check the domain and forest functional levels
of your domains?<br>
You can find this information in the 'Active Directory
Domains and<br>
Trusts' utility by right-clicking the domain name and
selecting<br>
properties. IIRC the minimal level we support is 2003R2.<br>
<br>
bye,<br>
Sumit<br>
<div class="HOEnZb">
<div class="h5"><br>
><br>
> Both AD servers are 2008 R2.<br>
> IPA version is 3.3, installed on RHEL 7.<br>
><br>
> Help will be appreciated.<br>
><br>
> Genadi.<br>
<br>
</div>
</div>
</blockquote>
</div>
<br>
</div>
<br>
<br>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.</pre>
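<p>The DNS check suggested in the reply above, as an added example that is not part of the original thread or of FreeIPA's own tooling: a shell function, meant to be run on the Linux host where <code>ipa trust-add</code> is issued, that looks up the AD domain's LDAP and Kerberos SRV records with <code>dig</code> and confirms that each SRV target resolves to an address. The function name <code>check_ad_dns</code> is an assumption made for this example.</p>

```shell
# check_ad_dns DOMAIN   (hypothetical helper, added example)
# Returns 0 when DOMAIN publishes LDAP and Kerberos SRV records and every
# SRV target resolves to at least one IPv4 address; returns 1 otherwise.
# Usage on the IPA server, with the domain from this thread:
#   check_ad_dns blue.com
check_ad_dns() {
    domain=$1
    rc=0
    for svc in _ldap._tcp _kerberos._tcp; do
        # "dig +short SRV" prints: priority weight port target
        targets=$(dig +short SRV "$svc.$domain" | awk 'NF == 4 { print $4 }')
        if [ -z "$targets" ]; then
            echo "FAIL: no SRV record for $svc.$domain"
            rc=1
            continue
        fi
        for host in $targets; do
            # Keep only lines that look like IPv4 addresses (skips CNAME lines).
            addrs=$(dig +short A "$host" | grep -E '^[0-9]+(\.[0-9]+){3}$' | tr '\n' ' ')
            if [ -z "$addrs" ]; then
                echo "FAIL: $svc.$domain -> $host has no A record"
                rc=1
            else
                echo "OK:   $svc.$domain -> $host -> $addrs"
            fi
        done
    done
    return $rc
}
```

<p>A FAIL line for either service means the Linux host's resolver cannot locate the AD domain controllers, which is the kind of DNS misconfiguration the reply asks about.</p>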
</body>
</html>