[Freeipa-users] AD - Freeipa trust confusion

Simo Sorce simo at redhat.com
Thu Jan 2 19:16:41 UTC 2014


On Thu, 2014-01-02 at 19:12 +0000, Andrew Holway wrote:
> > You are still setting up a replication agreement not a trust.
> 
> Oh, I am following the redhat documentation here:
> 
> https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/managing-sync-agmt.html
> 
> > This seems to indicate that the directory server is not running.
> > Can you check that the dirsrv is running?
> 
> [root at ipa.wibble.com log]# /etc/init.d/dirsrv status
> dirsrv PKI-IPA (pid 7394) is running...
> dirsrv WIBBLE-COM (pid 7463) is running...
> 
> 
> [root at ipa.wibble.com log]# ipa trust-add --type=ad prattle.com --admin Administrator --password
> Active directory domain administrator's password:
> ----------------------------------------------------
> Added Active Directory trust for realm "prattle.com"
> ----------------------------------------------------
>   Realm name: prattle.com
>   Domain NetBIOS name: PRATTLE
>   Domain Security Identifier: S-1-5-21-2812083513-4116408788-3699662436
>   Trust direction: Two-way trust
>   Trust type: Active Directory domain
>   Trust status: Established and verified
> 
> However I cannot log into the windows domain with my linux users nor
> the linux domain with my linux users.....

At this time logging in with Linux users into the Windows domain is not
supported and does not work.
However, logging in with a Windows user into a Linux machine joined to the ipa
realm should work, as long as you use sssd on the Linux machine.
What error do you see on the Linux machine when you try to log in with a
Windows user?

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York



