[Freeipa-users] Error: invalid 'AD domain controller' when establishing trust
Genadi Postrilko
genadipost at gmail.com
Wed Oct 8 15:33:49 UTC 2014
The ipa server is able to resolve blue.com.
dig SRV _ldap._tcp.blue.com
does return answer.
2014-10-08 14:11 GMT+02:00 Dmitri Pal <dpal at redhat.com>:
> On 10/08/2014 07:29 AM, Genadi Postrilko wrote:
>
> Both Domain functional level and Forest functional level are Windows
> Server 2008 R2.
>
>
> Does blue.com actually resolves to the AD host?
> May be there is some DNS misconfiguration on the Linux system where you
> run the command from.
>
>
> 2014-10-08 9:24 GMT+02:00 Sumit Bose <sbose at redhat.com>:
>
>> On Wed, Oct 08, 2014 at 02:42:47AM +0200, Genadi Postrilko wrote:
>> > Hello.
>> >
>> > I am attempting to create trust between AD and IPA.
>> >
>> > I have deployed AD environment as follows:
>> >
>> > I have created domain RED.COM
>> > Then i add new domain tree root - BLUE.COM.
>> >
>> > Now i would like to establish trust with IPA as a sub domain (
>> LINUX.BLUE.COM)
>> > of BLUE.COM.
>> >
>> > I followed the guide and when reaching to trust agreement creation i
>> > stumbled into this error:
>> >
>> > ipa trust-add --type=ad blue.com --admin Administrator --password
>> > Active directory domain administrator's password:
>> > ipa: ERROR: invalid 'AD domain controller': unsupported functional level
>>
>> can you check the domain and forest functional levels of your domains?
>> You can find this information in the 'Active Directory Domains and
>> Trusts' utility by right-clicking the domain name and selecting
>> properties? iirc the minimal level we support in 2003R2.
>>
>> bye,
>> Sumit
>>
>> >
>> > Both AD server are 2008 R2.
>> > IPA version is 3.3, installed on RHEL 7.
>> >
>> > Help will be appreciated.
>> >
>> > Genadi.
>>
>> > --
>> > Manage your subscription for the Freeipa-users mailing list:
>> > https://www.redhat.com/mailman/listinfo/freeipa-users
>> > Go To http://freeipa.org for more info on the project
>>
>>
>
>
>
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.
>
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go To http://freeipa.org for more info on the project
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20141008/97f4af59/attachment.htm>
More information about the Freeipa-users
mailing list