[Freeipa-users] Centos 7 - ipa-server-3.3.3 AD trust trust-fetch-domains and add external group problem
Martin Kosek
mkosek at redhat.com
Fri Feb 27 08:45:58 UTC 2015
On 02/27/2015 09:39 AM, mete bilgin wrote:
>
>
> 2015-02-27 10:33 GMT+02:00 Martin Kosek <mkosek at redhat.com
> <mailto:mkosek at redhat.com>>:
>
> On 02/27/2015 09:30 AM, mete bilgin wrote:
>
> Hello,
>
> I'm trying to install ipa-server with trust (Win 2008R2).
> trustdomain-find will
> work but when i try to trust-fetch-domains "ipa: ERROR: AD domain
> controller
> complains about communication sequence. It may mean unsynchronized time
> on both
> sides, for example" return. Force to reinstall adtrust. Have any idea
> where is
> the problem?
>
>
> You probably done that, but did you indeed verify that the time on both
> your IPA server and AD are the same?
>
> http://www.freeipa.org/page/__Howto/IPAv3_AD_trust_setup#__Date.2Ftime_settings
> <http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup#Date.2Ftime_settings>
>
> Martin
>
> Yes i did that.
> [root at ipa01 log]# ntpdate -u
> 27 Feb 10:37:00 ntpdate[11281]: adjust time server 192.168.12.239 offset
> -0.016979 sec
>
> By the way,
> #wbinfo --online-status
>
> BUILTIN : online
> ipadomain: online
> addomain : offline
Right. Did you also check the actual AD? Especially when AD is in a VM, or of
if for example it's time zone is wrong, the UTC time may not match.
Martin
More information about the Freeipa-users
mailing list