[Freeipa-users] FreeIPA / AD Trust Relationship
Sumit Bose
sbose at redhat.com
Mon Feb 8 13:28:18 UTC 2016
On Wed, Feb 03, 2016 at 11:17:46AM -0600, Josh Pospisil wrote:
> I have successfully set up a trust between AD (windows server 2012) and
> freeIPA following this guide:
> http://www.freeipa.org/page/Active_Directory_trust_setup
>
> My hope in doing this was to allow the users I have created on the freeIPA
> server to logon to our windows computers without recreating all of the
> users in AD, but this is not working. Can anyone verify whether or not
> this should be true or does the trust only work the opposite direction? If
> it should be true, can anyone offer any tips for troubleshooting?
no, this is currently not possible because a Global Catalog is needed
on the FreeIPA side. This is currently work-in-progress and tracked by
https://fedorahosted.org/freeipa/ticket/3125 .
>
> When I try to verify the trust on the AD server, I get the following error:
> "There are currently no logon servers available to service the logon
> request."
>
> Dns was setup as described in the guide above.
Did you open all the firewall ports listed at the end of
ipa-adtrust-install?
HTH
bye,
Sumit
>
> Thanks in advance for any help.
>
>
> Josh
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
More information about the Freeipa-users
mailing list