[Freeipa-users] Centos 7 - ipa-server-3.3.3 AD trust trust-fetch-domains and add external group problem
mete bilgin
metebilgin48 at gmail.com
Fri Feb 27 09:01:34 UTC 2015
2015-02-27 10:45 GMT+02:00 Martin Kosek <mkosek at redhat.com>:
> On 02/27/2015 09:39 AM, mete bilgin wrote:
>
>>
>>
>> 2015-02-27 10:33 GMT+02:00 Martin Kosek <mkosek at redhat.com
>> <mailto:mkosek at redhat.com>>:
>>
>> On 02/27/2015 09:30 AM, mete bilgin wrote:
>>
>> Hello,
>>
>> I'm trying to install ipa-server with trust (Win 2008R2).
>> trustdomain-find will
>> work but when i try to trust-fetch-domains "ipa: ERROR: AD domain
>> controller
>> complains about communication sequence. It may mean
>> unsynchronized time
>> on both
>> sides, for example" return. Force to reinstall adtrust. Have any
>> idea
>> where is
>> the problem?
>>
>>
>> You probably done that, but did you indeed verify that the time on
>> both
>> your IPA server and AD are the same?
>>
>> http://www.freeipa.org/page/__Howto/IPAv3_AD_trust_setup#__
>> Date.2Ftime_settings
>> <http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup#
>> Date.2Ftime_settings>
>>
>> Martin
>>
>> Yes i did that.
>> [root at ipa01 log]# ntpdate -u
>> 27 Feb 10:37:00 ntpdate[11281]: adjust time server 192.168.12.239 offset
>> -0.016979 sec
>>
>> By the way,
>> #wbinfo --online-status
>>
>> BUILTIN : online
>> ipadomain: online
>> addomain : offline
>>
>
> Right. Did you also check the actual AD? Especially when AD is in a VM, or
> of if for example it's time zone is wrong, the UTC time may not match.
>
> Martin
>
On AD time zone (UTC+02:00) Istanbul and the same time with ipa server.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150227/c0543227/attachment.htm>
More information about the Freeipa-users
mailing list