[Freeipa-users] Error: invalid 'AD domain controller' when establishing trust
Genadi Postrilko
genadipost at gmail.com
Wed Oct 8 11:29:38 UTC 2014
Both Domain functional level and Forest functional level are Windows Server
2008 R2.
2014-10-08 9:24 GMT+02:00 Sumit Bose <sbose at redhat.com>:
> On Wed, Oct 08, 2014 at 02:42:47AM +0200, Genadi Postrilko wrote:
> > Hello.
> >
> > I am attempting to create trust between AD and IPA.
> >
> > I have deployed AD environment as follows:
> >
> > I have created domain RED.COM
> > Then i add new domain tree root - BLUE.COM.
> >
> > Now i would like to establish trust with IPA as a sub domain (
> LINUX.BLUE.COM)
> > of BLUE.COM.
> >
> > I followed the guide and when reaching to trust agreement creation i
> > stumbled into this error:
> >
> > ipa trust-add --type=ad blue.com --admin Administrator --password
> > Active directory domain administrator's password:
> > ipa: ERROR: invalid 'AD domain controller': unsupported functional level
>
> can you check the domain and forest functional levels of your domains?
> You can find this information in the 'Active Directory Domains and
> Trusts' utility by right-clicking the domain name and selecting
> properties? iirc the minimal level we support in 2003R2.
>
> bye,
> Sumit
>
> >
> > Both AD server are 2008 R2.
> > IPA version is 3.3, installed on RHEL 7.
> >
> > Help will be appreciated.
> >
> > Genadi.
>
> > --
> > Manage your subscription for the Freeipa-users mailing list:
> > https://www.redhat.com/mailman/listinfo/freeipa-users
> > Go To http://freeipa.org for more info on the project
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20141008/9e9bda9e/attachment.htm>
More information about the Freeipa-users
mailing list