[Freeipa-users] What id my AD domain user password not available
Alexander Bokovoy
abokovoy at redhat.com
Fri May 27 04:05:54 UTC 2016
On Fri, 27 May 2016, Ben .T.George wrote:
>HI
>
>i ran some commands from AD side and the Trust status got changed.Below is
>the command i used on AD
>
>netdom trust <TrustingDomainName> /d:<TrustedDomainName> /verify
>
>
>Before it was : "waiting for confirmation by remote side" and not it got
>changed to "Trust type: Active Directory domain"
>
>But when i am trying to map AD group, it not going through
>
>
>root at zkwipamstr01 ~]# ipa group-add-member ad_admins_external --external
>'MTC_TABS\Domain Users'
>[member user]:
>[member group]:
> Group name: ad_admins_external
> Description: ad_domain admins external map
> Failed members:
> member user:
> *member group: MTC_TABS\Domain Users: trusted domain object not found *
>-------------------------
>Number of members added 0
>-------------------------
>
>This is what my trust properties from AD. Trust type is showing as realm
It should be 'Forest', not 'realm'. Realm is for plain MIT Kerberos
realm trust which is *not* what IPA provides.
>[image: Inline image 1]
>
>How can i fix this issue.
Use correct type of trust when establishing trust on AD side. If your
Windows version does not allow to specify proper trust type, I'm afraid,
there is nothing we can help with.
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list