[Freeipa-users] Unable to add external group
pgb205
pgb205 at yahoo.com
Tue Jun 28 20:06:39 UTC 2016
Trust is successfully established
ipa trust-find
---------------
1 trust matched
---------------
  Realm name: ad_domain.local
  Domain NetBIOS name: AD_DOMAIN

and I can get kerberos ticket and access to services

KRB5_TRACE=/dev/stderr kvno -S cifs ADDC.AD_DOMAIN
[3552] 1467143851.633980: Received creds for desired service cifs/ADDC.AD_DOMAIN
[3552] 1467143851.634008: Storing my_user at AD_DOMAIN -> cifs/ADDC at AD_DOMAIN in KEYRING:persistent:0:krb_ccache_02UjQwj
cifs/ADDC.AD_DOMAIN: kvno = 29

Time is also correct and matches on both the IPA server and the Domain Controller.
When I go through the last few steps to add an external AD group to the IPA --external, I get the following:

ipa group-add-member ad_domain_admins_external --external 'AD_DOMAIN\Ops_Admins'
[member user]:
[member group]:
  Group name: ad_domain_admins_external
  Description: ad_domain_admins external map
  Failed members:
    member user:
    member group: AD_DOMAIN\Ops_Admins: trusted domain object not found
-------------------------
Number of members added 0

I have verified the Ops_Admins is readable by everyone in Active Directory.
In error_log I get
[:error] [pid 2619] ipa: INFO: [jsonserver_session] admin at IPA_DOMAIN: group_add_member(u'ad_domain_admins_external', ipaexternalmember=(u'AD_DOMAIN\\\\Ops_Admins',), all=False, raw=False, version=u'2.156', no_members=False): SUCCESS
Any idea what steps I'm missing or what other things to check?
thanks