[Freeipa-users] What id my AD domain user password not available
Ben .T.George
bentech4you at gmail.com
Fri May 27 07:24:05 UTC 2016
HI Alex.
I Am using windows 2008 R2.
when i am giving IPA's DNS name and click next, the trust wizard is not
going through. But if i am selecting realm trust , atleast the wizard
completes.
So which AD version is recommended ?
Regards,
Ben
On Fri, May 27, 2016 at 7:05 AM, Alexander Bokovoy <abokovoy at redhat.com>
wrote:
> On Fri, 27 May 2016, Ben .T.George wrote:
>
>> HI
>>
>> i ran some commands from AD side and the Trust status got changed.Below is
>> the command i used on AD
>>
>> netdom trust <TrustingDomainName> /d:<TrustedDomainName> /verify
>>
>>
>> Before it was : "waiting for confirmation by remote side" and not it got
>> changed to "Trust type: Active Directory domain"
>>
>> But when i am trying to map AD group, it not going through
>>
>>
>> root at zkwipamstr01 ~]# ipa group-add-member ad_admins_external --external
>> 'MTC_TABS\Domain Users'
>> [member user]:
>> [member group]:
>> Group name: ad_admins_external
>> Description: ad_domain admins external map
>> Failed members:
>> member user:
>> *member group: MTC_TABS\Domain Users: trusted domain object not found *
>> -------------------------
>> Number of members added 0
>> -------------------------
>>
>> This is what my trust properties from AD. Trust type is showing as realm
>>
> It should be 'Forest', not 'realm'. Realm is for plain MIT Kerberos
> realm trust which is *not* what IPA provides.
>
> [image: Inline image 1]
>>
>> How can i fix this issue.
>>
> Use correct type of trust when establishing trust on AD side. If your
> Windows version does not allow to specify proper trust type, I'm afraid,
> there is nothing we can help with.
>
> --
> / Alexander Bokovoy
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160527/33f80ac4/attachment.htm>
More information about the Freeipa-users
mailing list