<div dir="ltr"><font color="#000000" size="3" face="Times New Roman">

</font><div style="margin:0cm 0cm 0pt;line-height:normal" class="MsoNormal"><span style="font-family:"Times New Roman","serif";font-size:12pt" lang="EN-US"><font color="#000000">Hello,</font></span></div><div style="margin:0cm 0cm 0pt;line-height:normal" class="MsoNormal"><span style="font-family:"Times New Roman","serif";font-size:12pt" lang="EN-US"><font color="#000000"></font></span> </div><font color="#000000" size="3" face="Times New Roman">

</font><p style="margin:0cm 0cm 0pt;line-height:normal" class="MsoNormal"><span style="font-family:"Times New Roman","serif";font-size:12pt" lang="EN-US"><font color="#000000">We have been following the AD integration guide for IPAv3: </font></span><span style="font-family:"Times New Roman","serif";font-size:12pt"><a href="http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup"><span style="color:blue" lang="EN-US">http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup</span></a></span><span style="font-family:"Times New Roman","serif";font-size:12pt" lang="EN-US"></span></p><font color="#000000" size="3" face="Times New Roman">

</font><p style="margin:0cm 0cm 0pt;line-height:normal" class="MsoNormal"><span style="font-family:"Times New Roman","serif";font-size:12pt" lang="EN-US"><font color="#000000"> </font></span></p><font color="#000000" size="3" face="Times New Roman">

</font><p style="margin:0cm 0cm 0pt;line-height:normal" class="MsoNormal"><span style="font-family:"Times New Roman","serif";font-size:12pt" lang="EN-US"><font color="#000000">Our setup is:</font></span></p><font color="#000000" size="3" face="Times New Roman">

</font><p style="margin:0cm 0cm 0pt;line-height:normal" class="MsoNormal"><span style="font-family:"Times New Roman","serif";font-size:12pt" lang="EN-US"><font color="#000000">• 2 domain controllers with Windows 2008 R2 AD DC -> </font></span><span style="font-family:"Times New Roman","serif";font-size:12pt"><a href="http://example.com/"><span style="color:blue" lang="EN-US">windows.com</span></a></span><span style="font-family:"Times New Roman","serif";font-size:12pt" lang="EN-US"><font color="#000000"> as Forest Root Domain and </font></span><span style="font-family:"Times New Roman","serif";font-size:12pt"><a href="http://acme.example.com/"><span style="color:blue" lang="EN-US">acme.windows.com</span></a></span><span style="font-family:"Times New Roman","serif";font-size:12pt" lang="EN-US"><font color="#000000"> as
transitive child domain </font></span></p><font color="#000000" size="3" face="Times New Roman">

</font><p style="margin:0cm 0cm 0pt;line-height:normal" class="MsoNormal"><span style="font-family:"Times New Roman","serif";font-size:12pt" lang="EN-US"><font color="#000000">• RHEL7 as IPA server with domain: </font></span><span style="font-family:"Times New Roman","serif";font-size:12pt"><a href="http://linux.acme.example.com/"><span style="color:blue" lang="EN-US">linux.com</span></a></span><span style="font-family:"Times New Roman","serif";font-size:12pt"><font color="#000000"> <span lang="EN-US"></span></font></span></p><font color="#000000" size="3" face="Times New Roman">

</font><p style="margin:0cm 0cm 0pt;line-height:normal" class="MsoNormal"><span style="font-family:"Times New Roman","serif";font-size:12pt" lang="EN-US"><font color="#000000"> </font></span></p><font color="#000000" size="3" face="Times New Roman">

</font><p style="margin:0cm 0cm 0pt;line-height:normal" class="MsoNormal"><span style="font-family:"Times New Roman","serif";font-size:12pt" lang="EN-US"><font color="#000000">We have established a forest trust between <a href="http://windows.com">windows.com</a> and <a href="http://linux.com">linux.com</a> and
everything seems OK from an IPA perspective.</font></span></p><font color="#000000" size="3" face="Times New Roman">

</font><p style="margin:0cm 0cm 0pt;line-height:normal" class="MsoNormal"><span style="font-family:"Times New Roman","serif";font-size:12pt" lang="EN-US"><font color="#000000"> </font></span></p><font color="#000000" size="3" face="Times New Roman">

</font><p style="margin:0cm 0cm 0pt;line-height:normal" class="MsoNormal"><span style="font-family:"Times New Roman","serif";font-size:12pt" lang="EN-US"><font color="#000000">We can work with Kerberos tickets without any issue from the “windows” domain or
its child domain “acme” (kinit, kvno…).</font></span></p><font color="#000000" size="3" face="Times New Roman">

</font><p style="margin:0cm 0cm 0pt;line-height:normal" class="MsoNormal"><span style="font-family:"Times New Roman","serif";font-size:12pt" lang="EN-US"><font color="#000000"> </font></span></p><font color="#000000" size="3" face="Times New Roman">

</font><p style="margin:0cm 0cm 0pt;line-height:normal" class="MsoNormal"><span style="font-family:"Times New Roman","serif";font-size:12pt" lang="EN-US"><font color="#000000">When we use Samba tools, the following command works fine.</font></span></p><font color="#000000" size="3" face="Times New Roman">

</font><p style="margin:0cm 0cm 0pt;line-height:normal" class="MsoNormal"><i><span style="font-family:"Times New Roman","serif";font-size:10pt" lang="EN-US"><font color="#000000">[root@support1
]# wbinfo -n 'WINDOWS\Domain Admins'</font></span></i></p><font color="#000000" size="3" face="Times New Roman">

</font><p style="margin:0cm 0cm 0pt;line-height:normal" class="MsoNormal"><font color="#000000"><i><span style="font-family:"Times New Roman","serif";font-size:10pt" lang="EN-US">S-1-5-21-1701591335-3855227394-3044674468-512
SID_DOM_GROUP (2)</span></i><span style="font-family:"Times New Roman","serif";font-size:10pt" lang="EN-US"></span></font></p><font color="#000000" size="3" face="Times New Roman">

</font><p style="margin:0cm 0cm 0pt;line-height:normal" class="MsoNormal"><span style="font-family:"Times New Roman","serif";font-size:12pt" lang="EN-US"><font color="#000000"> </font></span></p><font color="#000000" size="3" face="Times New Roman">

</font><p style="margin:0cm 0cm 0pt;line-height:normal" class="MsoNormal"><span style="font-family:"Times New Roman","serif";font-size:12pt" lang="EN-US"><font color="#000000">But, the same command against the acme domain returns
an error.</font></span></p><font color="#000000" size="3" face="Times New Roman">

</font><p style="margin:0cm 0cm 0pt;line-height:normal" class="MsoNormal"><font color="#000000"><i><span style="font-family:"Times New Roman","serif";font-size:10pt" lang="EN-US">[root@support1
]# wbinfo -n 'ACME\Domain Admins'</span></i><span style="font-family:"Times New Roman","serif";font-size:10pt" lang="EN-US"></span></font></p><font color="#000000" size="3" face="Times New Roman">

</font><p style="margin:0cm 0cm 0pt;line-height:normal" class="MsoNormal"><i><span style="font-family:"Times New Roman","serif";font-size:10pt" lang="EN-US"><font color="#000000">failed to
call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND</font></span></i></p><font color="#000000" size="3" face="Times New Roman">

</font><p style="margin:0cm 0cm 0pt;line-height:normal" class="MsoNormal"><i><span style="font-family:"Times New Roman","serif";font-size:10pt" lang="EN-US"><font color="#000000">Could not
lookup name ACME\Domain Admins</font></span></i></p><font color="#000000" size="3" face="Times New Roman">

</font><p style="margin:0cm 0cm 0pt;line-height:normal" class="MsoNormal"><i><span style="font-family:"Times New Roman","serif"" lang="EN-US"><font color="#000000" size="3"> </font></span></i></p><font color="#000000" size="3" face="Times New Roman">

</font><p style="margin:0cm 0cm 0pt;line-height:normal" class="MsoNormal"><font color="#000000"><span style="font-family:"Times New Roman","serif";font-size:12pt" lang="EN-US">Same problem with the following command:</span><i><span style="font-family:"Times New Roman","serif"" lang="EN-US"></span></i></font></p><font color="#000000" size="3" face="Times New Roman">

</font><p style="margin:0cm 0cm 0pt;line-height:normal" class="MsoNormal"><i><span style="font-family:"Times New Roman","serif";font-size:10pt" lang="EN-US"><font color="#000000">[root@support1]#
ipa group-add-member ad_users_external --external "ACME\Domain Users"</font></span></i></p><font color="#000000" size="3" face="Times New Roman">

</font><p style="margin:0cm 0cm 0pt;line-height:normal" class="MsoNormal"><i><span style="font-family:"Times New Roman","serif";font-size:10pt" lang="EN-US"><font color="#000000">[member
user]:</font></span></i></p><font color="#000000" size="3" face="Times New Roman">

</font><p style="margin:0cm 0cm 0pt;line-height:normal" class="MsoNormal"><i><span style="font-family:"Times New Roman","serif";font-size:10pt" lang="EN-US"><font color="#000000">[member
group]:</font></span></i></p><font color="#000000" size="3" face="Times New Roman">

</font><p style="margin:0cm 0cm 0pt;line-height:normal" class="MsoNormal"><i><span style="font-family:"Times New Roman","serif";font-size:10pt" lang="EN-US"><font color="#000000"><span>  </span>Group name: ad_users_external</font></span></i></p><font color="#000000" size="3" face="Times New Roman">

</font><p style="margin:0cm 0cm 0pt;line-height:normal" class="MsoNormal"><i><span style="font-family:"Times New Roman","serif";font-size:10pt" lang="EN-US"><font color="#000000"><span>  </span>Description: AD users external map</font></span></i></p><font color="#000000" size="3" face="Times New Roman">

</font><p style="margin:0cm 0cm 0pt;line-height:normal" class="MsoNormal"><i><span style="font-family:"Times New Roman","serif";font-size:10pt" lang="EN-US"><font color="#000000"><span>  </span>External member: </font></span></i></p><font color="#000000" size="3" face="Times New Roman">

</font><p style="margin:0cm 0cm 0pt;line-height:normal" class="MsoNormal"><i><span style="font-family:"Times New Roman","serif";font-size:10pt" lang="EN-US"><font color="#000000"><span>  </span>Member of groups: ad_users</font></span></i></p><font color="#000000" size="3" face="Times New Roman">

</font><p style="margin:0cm 0cm 0pt;line-height:normal" class="MsoNormal"><i><span style="font-family:"Times New Roman","serif";font-size:10pt" lang="EN-US"><font color="#000000"><span>  </span>Failed members:</font></span></i></p><font color="#000000" size="3" face="Times New Roman">

</font><p style="margin:0cm 0cm 0pt;line-height:normal" class="MsoNormal"><i><span style="font-family:"Times New Roman","serif";font-size:10pt" lang="EN-US"><font color="#000000"><span>    </span>member user:</font></span></i></p><font color="#000000" size="3" face="Times New Roman">

</font><p style="margin:0cm 0cm 0pt;line-height:normal" class="MsoNormal"><i><span style="font-family:"Times New Roman","serif";font-size:10pt" lang="EN-US"><font color="#000000"><span>    </span>member group: ACME\Domain Users: Cannot
find specified domain or server name</font></span></i></p><font color="#000000" size="3" face="Times New Roman">

</font><p style="margin:0cm 0cm 0pt;line-height:normal" class="MsoNormal"><i><span style="font-family:"Times New Roman","serif";font-size:10pt" lang="EN-US"><font color="#000000">-------------------------</font></span></i></p><font color="#000000" size="3" face="Times New Roman">

</font><p style="margin:0cm 0cm 0pt;line-height:normal" class="MsoNormal"><i><span style="font-family:"Times New Roman","serif";font-size:10pt" lang="EN-US"><font color="#000000">Number of
members added 0</font></span></i></p><font color="#000000" size="3" face="Times New Roman">

</font><p style="margin:0cm 0cm 0pt;line-height:normal" class="MsoNormal"><i><span style="font-family:"Times New Roman","serif"" lang="EN-US"><font color="#000000" size="3"> </font></span></i></p><font color="#000000" size="3" face="Times New Roman">

</font><p style="margin:0cm 0cm 0pt;line-height:normal" class="MsoNormal"><i><span style="font-family:"Times New Roman","serif"" lang="EN-US"><font color="#000000" size="3"> </font></span></i></p><font color="#000000" size="3" face="Times New Roman">

</font><p style="margin:0cm 0cm 0pt;line-height:normal" class="MsoNormal"><span style="font-family:"Times New Roman","serif";font-size:12pt" lang="EN-US"><font color="#000000">Any help
would be appreciated.</font></span></p><font color="#000000" size="3" face="Times New Roman">

</font><p style="margin:0cm 0cm 0pt;line-height:normal" class="MsoNormal"><span style="font-family:"Times New Roman","serif";font-size:12pt" lang="EN-US"><font color="#000000"> </font></span></p><font color="#000000" size="3" face="Times New Roman">

</font><p style="margin:0cm 0cm 0pt;line-height:normal" class="MsoNormal"><font color="#000000"><span style="font-family:"Times New Roman","serif";font-size:12pt" lang="EN-US">Regards</span><span style="font-family:"Times New Roman","serif";font-size:12pt" lang="EN-US"></span></font></p><font color="#000000" size="3" face="Times New Roman">

</font></div>