[Freeipa-users] Error establishing trust with AD domain

[Baird, Josh]

Hi,

I have successfully established a trust in my lab environment running IPA 4.1 (RHEL7.1) and a Windows 2008 R2 domain with Windows 2003 domain/forest functional levels.   I'm now trying to establish a trust with my production AD domain (same functional level).  The only difference is that my production domain (ad.domain.lan) is a child-domain of a forest named domain.lan.  There is no forest in my lab envrionment.  I'm getting the following error when running 'ipa trust-add':

# ipa trust-add --type ad ad.domain.lan --range-type=ipa-ad-trust --admin jbadmin --password
Active Directory domain administrator's password:
ipa: ERROR: Domain 'ad.domain.lan' is not a root domain for forest 'domain.lan'

Any ideas?

Thanks,

Josh

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150309/32fd6623/attachment.htm>