[Freeipa-users] Error establishing trust with AD domain
Baird, Josh
jbaird at follett.com
Mon Mar 9 21:28:50 UTC 2015
Ok - I'll answer my own question. I needed to establish the trust with the forest-root domain (domain.com), not the child domain. I have verified using 'ipa trustdomain-find' that I can see the child domain (ad.domain.com) now.
Sorry for the noise!
Thanks,
Josh
From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Baird, Josh
Sent: Monday, March 09, 2015 5:06 PM
To: freeipa-users at redhat.com
Subject: [Freeipa-users] Error establishing trust with AD domain
Hi,
I have successfully established a trust in my lab environment running IPA 4.1 (RHEL7.1) and a Windows 2008 R2 domain with Windows 2003 domain/forest functional levels. I'm now trying to establish a trust with my production AD domain (same functional level). The only difference is that my production domain (ad.domain.lan) is a child-domain of a forest named domain.lan. There is no forest in my lab envrionment. I'm getting the following error when running 'ipa trust-add':
# ipa trust-add --type ad ad.domain.lan --range-type=ipa-ad-trust --admin jbadmin --password
Active Directory domain administrator's password:
ipa: ERROR: Domain 'ad.domain.lan' is not a root domain for forest 'domain.lan'
Any ideas?
Thanks,
Josh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150309/b7a2e0e3/attachment.htm>
More information about the Freeipa-users
mailing list