[Freeipa-users] Error: invalid 'AD domain controller' when establishing trust

Dmitri Pal dpal at redhat.com
Wed Oct 8 12:11:38 UTC 2014 

On 10/08/2014 07:29 AM, Genadi Postrilko wrote:
> Both Domain functional level and Forest functional level are Windows 
> Server 2008 R2.
>

Does blue.com actually resolves to the AD host?
May be there is some DNS misconfiguration on the Linux system where you 
run the command from.

> 2014-10-08 9:24 GMT+02:00 Sumit Bose <sbose at redhat.com 
> <mailto:sbose at redhat.com>>:
>
>     On Wed, Oct 08, 2014 at 02:42:47AM +0200, Genadi Postrilko wrote:
>     > Hello.
>     >
>     > I am attempting to create trust between AD and IPA.
>     >
>     > I have deployed AD environment as follows:
>     >
>     > I have created domain RED.COM <http://RED.COM>
>     > Then i add new domain tree root - BLUE.COM <http://BLUE.COM>.
>     >
>     > Now i would like to establish trust with IPA as a sub domain
>     (LINUX.BLUE.COM <http://LINUX.BLUE.COM>)
>     > of BLUE.COM <http://BLUE.COM>.
>     >
>     > I followed the guide and when reaching to trust agreement creation i
>     > stumbled into this error:
>     >
>     >  ipa trust-add --type=ad blue.com <http://blue.com> --admin
>     Administrator --password
>     > Active directory domain administrator's password:
>     > ipa: ERROR: invalid 'AD domain controller': unsupported
>     functional level
>
>     can you check the domain and forest functional levels of your domains?
>     You can find this information in the 'Active Directory Domains and
>     Trusts' utility by right-clicking the domain name and selecting
>     properties? iirc the minimal level we support in 2003R2.
>
>     bye,
>     Sumit
>
>     >
>     > Both AD server are 2008 R2.
>     > IPA version is 3.3, installed on RHEL 7.
>     >
>     > Help will be appreciated.
>     >
>     > Genadi.
>
>     > --
>     > Manage your subscription for the Freeipa-users mailing list:
>     > https://www.redhat.com/mailman/listinfo/freeipa-users
>     > Go To http://freeipa.org for more info on the project
>
>
>
>


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20141008/f1634d18/attachment.htm>

More information about the Freeipa-users mailing list