[Freeipa-users] Troubleshooting Forest-Trust to AD

Alexander Bokovoy abokovoy at redhat.com
Mon Aug 15 14:19:42 UTC 2016


On Mon, 15 Aug 2016, Petr Spacek wrote:
>On 12.8.2016 02:18, Paul Smith wrote:
>> I'm having issues establishing Trust with an existing Active Directory
>> domain (Windows Server 2012 R2). I can get IPA up and running and have
>> spent the day troubleshooting DNS\Kerberos.
>>
>> I think the main issue is something remaining in Kerberos but I'm not sure
>> what.
>> I followed the deployment and troubleshooting guide as best I could with my
>> environment.
>> The problem happens when I try the ipa trust-add. I get a message:
>> ipa: ERROR: AD domain controller complains about communication sequence
>>
>> I know that my time zone and time is in sync with the same server.
>> This is a proof-of-concept design that I'd like to explore\learn more
>> about. Below are details on the Linux environment:
>>
>> *uname -a*
>> Linux dclinux.linuxtrust.local 4.4.0-34-generic #53-Ubuntu SMP Wed Jul 27
>> 16:06:39 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
>>
>> *lsb_release -a*
>> No LSB modules are available.
>> Distributor ID: Ubuntu
>> Description:    Ubuntu 16.04.1 LTS
>> Release:        16.04
>> Codename:       xenial
>>
>> *ipa --version*
>> VERSION: 4.3.1, API_VERSION: 2.164
>>
>> If anyone can help, I'd be more than willing to post the detailed Samba
>> logs, as this is just a local lab environment.
Unless things changed, Ubuntu-built Samba is linked with Heimdal
Kerberos, not MIT Kerberos, and thus cannot be used with FreeIPA for
trust setup.

See https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1552249
-- 
/ Alexander Bokovoy
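
To check the cause named in the reply above on a given host, this added example (not part of the original thread) classifies the Kerberos libraries a Samba binary resolves to from its `ldd` output. The soname patterns (libkrb5.so.3, libk5crypto and libgssapi_krb5 for MIT; libkrb5.so.26, libheimbase, libhx509, libroken and Samba's bundled "-samba4" variants for Heimdal), the function names and the sample lines are assumptions of this example.

```shell
#!/bin/sh
# Added example: decide whether a binary is linked against MIT or Heimdal
# Kerberos by inspecting the sonames that ldd reports for it.

# Reads ldd output on stdin, prints one of: mit, heimdal, mixed, none.
classify_krb5_linkage() {
    awk '
        { lib = $1 }   # first field of an ldd line is the soname
        lib ~ /^libkrb5\.so\.3$/ || lib ~ /^libk5crypto\.so\./ ||
            lib ~ /^libgssapi_krb5\.so\./ { mit = 1 }
        lib ~ /^libkrb5\.so\.26$/ || lib ~ /^libkrb5-samba4\.so\./ ||
            lib ~ /^lib(heimbase|hx509|roken)(-samba4)?\.so\./ { heimdal = 1 }
        END {
            if (mit && heimdal) print "mixed"
            else if (heimdal)   print "heimdal"
            else if (mit)       print "mit"
            else                print "none"
        }'
}

# Runs the classifier against each binary path given as an argument.
check_binaries() {
    for bin in "$@"; do
        if [ ! -x "$bin" ]; then
            printf '%s: not found or not executable\n' "$bin"
            continue
        fi
        printf '%s: %s\n' "$bin" "$(ldd "$bin" 2>/dev/null | classify_krb5_linkage)"
    done
}

# Constructed sample input: ldd lines as a Heimdal-linked build would show them.
sample_heimdal_ldd() {
    printf '  libkrb5.so.26 => /usr/lib/x86_64-linux-gnu/libkrb5.so.26 (0x0)\n'
    printf '  libroken.so.18 => /usr/lib/x86_64-linux-gnu/libroken.so.18 (0x0)\n'
    printf '  libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x0)\n'
}

# Constructed sample input: ldd lines as an MIT-linked build would show them.
sample_mit_ldd() {
    printf '  libkrb5.so.3 => /lib64/libkrb5.so.3 (0x0)\n'
    printf '  libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x0)\n'
    printf '  libc.so.6 => /lib64/libc.so.6 (0x0)\n'
}

# Usage on a real host: sh this_script.sh /usr/sbin/smbd /usr/sbin/winbindd
if [ "$#" -gt 0 ]; then
    check_binaries "$@"
fi
```

A result of "heimdal" or "mixed" for smbd or winbindd matches the condition described in the reply.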



