[Freeipa-users] ipa: ERROR: AD DC was unable to reach any IPA domain controller --- AD domain controller complains about communication sequence.
g.fer.ordas at unicyber.co.uk
g.fer.ordas at unicyber.co.uk
Tue Apr 14 20:25:20 UTC 2015
Hi
Dealing with AD --> Cert Trust I am reaching the following step:
ipa trust-add ad.company.com --admin <user> --password
Active Directory domain administrator's password:
ipa: ERROR: AD DC was unable to reach any IPA domain controller. Most
likely it is a DNS or firewall issue
Reaching this far I do not know what the issue is .. Nevertheless and
before start playing around with the DNS further more....
if I run the following it seems to successfully establish the trust by
the IPA side of the business
# ipa trust-add --type=ad "ad_domain" --trust-secret
So this part seems find by the look of it..
I also had to manually add the AD host and the remote CIFS resource but
I am getting instead:
ipa trust-fetch-domains corp.hootsuitemedia.com
ipa: ERROR: AD domain controller complains about communication sequence.
It may mean unsynchronized time on both sides, for example
on the log for kerberos I get:
krb5kdc[23951](info): TGS_REQ (6 etypes {18 17 16 23 25 26})
10.0.146.161:
BAD_ENCRYPTION_TYPE: authtime 0,
HTTP/freeipaserver.ldap.company.com at LDAP.COMPANY.COMfor
cifs/server1.ad.company.com at LDAP.COMPANY.COM, KDC has no support for
encryption type
Any idea? tips?
Thanks very much!
More information about the Freeipa-users
mailing list