[Freeipa-users] ipa trust-add seems to work, but doesn't add the trust in FreeIPA
Darren Poulson
darren.poulson at genesys.com
Thu Mar 10 02:54:03 UTC 2016
Hi,
So, after I got the ipa-adtrust-install working, I tried to create a trust
between our FreeIPA cluster and a new AD machine.
It seemed to run OK, and gave an output, but in the UI under Trusts, there
is nothing.
[root@freeipa1-01 httpd]# ipa trust-add --type=ad ad.genops --admin Administrator
Active Directory domain administrator's password:
--------------------------------------------------
Added Active Directory trust for realm "ad.genops"
--------------------------------------------------
Realm name: ad.genops
Domain NetBIOS name: AD
Domain Security Identifier: S-1-5-21-1113268607-2619903336-2585939669
SID blacklist incoming: S-1-5-20, S-1-5-3, S-1-5-2, S-1-5-1, S-1-5-7,
S-1-5-6, S-1-5-5, S-1-5-4, S-1-5-9, S-1-5-8, S-1-5-17, S-1-5-16, S-1-5-15,
S-1-5-14, S-1-5-13, S-1-5-12, S-1-5-11, S-1-5-10,
S-1-3, S-1-2, S-1-1, S-1-0, S-1-5-19, S-1-5-18
SID blacklist outgoing: S-1-5-20, S-1-5-3, S-1-5-2, S-1-5-1, S-1-5-7,
S-1-5-6, S-1-5-5, S-1-5-4, S-1-5-9, S-1-5-8, S-1-5-17, S-1-5-16, S-1-5-15,
S-1-5-14, S-1-5-13, S-1-5-12, S-1-5-11, S-1-5-10,
S-1-3, S-1-2, S-1-1, S-1-0, S-1-5-19, S-1-5-18
Trust direction: Trusting forest
Trust type: Active Directory domain
Trust status: Established and verified
[root@freeipa1-01 httpd]# ipa trust-fetch-domains ad.genops
ipa: ERROR: no matching entry found
Any pointers as to where to start looking? It seems to have added the id
range for AD, as well as the Default Trust View. Just not the actual trust.
I can see the trust has been created on the AD side fine.
FreeIPA 4.2 on CentOS 7
Windows 2012R2
TIA
Darren.