[Freeipa-users] Error: invalid 'AD domain controller' when establishing trust
dpal at redhat.com
Wed Oct 8 12:11:38 UTC 2014
On 10/08/2014 07:29 AM, Genadi Postrilko wrote:
> Both Domain functional level and Forest functional level are Windows
> Server 2008 R2.
Does blue.com actually resolves to the AD host?
May be there is some DNS misconfiguration on the Linux system where you
run the command from.
> 2014-10-08 9:24 GMT+02:00 Sumit Bose <sbose at redhat.com
> <mailto:sbose at redhat.com>>:
> On Wed, Oct 08, 2014 at 02:42:47AM +0200, Genadi Postrilko wrote:
> > Hello.
> > I am attempting to create trust between AD and IPA.
> > I have deployed AD environment as follows:
> > I have created domain RED.COM <http://RED.COM>
> > Then i add new domain tree root - BLUE.COM <http://BLUE.COM>.
> > Now i would like to establish trust with IPA as a sub domain
> (LINUX.BLUE.COM <http://LINUX.BLUE.COM>)
> > of BLUE.COM <http://BLUE.COM>.
> > I followed the guide and when reaching to trust agreement creation i
> > stumbled into this error:
> > ipa trust-add --type=ad blue.com <http://blue.com> --admin
> Administrator --password
> > Active directory domain administrator's password:
> > ipa: ERROR: invalid 'AD domain controller': unsupported
> functional level
> can you check the domain and forest functional levels of your domains?
> You can find this information in the 'Active Directory Domains and
> Trusts' utility by right-clicking the domain name and selecting
> properties? iirc the minimal level we support in 2003R2.
> > Both AD server are 2008 R2.
> > IPA version is 3.3, installed on RHEL 7.
> > Help will be appreciated.
> > Genadi.
> > --
> > Manage your subscription for the Freeipa-users mailing list:
> > https://www.redhat.com/mailman/listinfo/freeipa-users
> > Go To http://freeipa.org for more info on the project
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Freeipa-users