[Freeipa-users] FreeIPA Active directory Integration: ipa "unknown command trustdomain-fetch"

Alexander Bokovoy abokovoy at redhat.com
Thu Sep 11 17:16:41 UTC 2014


On Thu, 11 Sep 2014, Traiano Welcome wrote:
>>> This one is not usable. You need to enable debugging on the server side.
>>> See http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup#Debugging_trust
>>> in the part where it talks about /usr/share/ipa/smb.conf.empty.
>>>
>>>
>>
>> I've attached the debug logs, I'd be thankful if you could find anything
>> in them!

Can you please keep debugging and re-establish the trust using AD
credentials?

I can see that AD DC does believe yet the trust is working:
Ticket in credentials cache for @LINUX will expire in 86400 secs
GSS client Update(krb5)(1) Update failed: Unspecified GSS failure.
Minor code may provide more information: KDC policy rejects request

"KDC policy rejects request" means the AD side of the trust is not set and
verified.

By running 'ipa trust-add ... --admin ..' you'll force the AD DC to reset the
trust and verify it.


-- 
/ Alexander Bokovoy



