[Freeipa-users] What id my AD domain user password not available

Ben .T.George bentech4you at gmail.com
Fri May 27 08:04:25 UTC 2016


Hi Alex,

Thanks for the information.

I have removed the old trust and am recreating it again.

And with PA domain (idm.local) also same, it's not creating trust.

Regards,
Ben



On Fri, May 27, 2016 at 10:53 AM, Alexander Bokovoy <abokovoy at redhat.com>
wrote:

> On Fri, 27 May 2016, Ben .T.George wrote:
>
>> This is what I am getting
>>
>> And that wizard ends with nothing. Please anyone share more info regarding
>> this
>>
> The wizard asks you to enter the name of the domain, forest, or realm
> for the trust. You are entering hostname of IPA master. This is never
> going to fly.
>
> In Active Directory terms:
> - forest is a set of AD domains
> - it is named after the first AD domain created in the forest
> - this domain is called 'forest root domain'
>
> In FreeIPA we have a single 'domain' from Active Directory perspective:
> - this is the domain corresponding to Kerberos realm name, (ipa.local
>   in your case)
> - Forest name = forest root domain name = ipa.local
>
> The wizard will then use DNS SRV records to discover IPA masters (AD DCs
> for Active Directory view).
>
>
>
>> Regards,
>> Ben
>>
>> On Fri, May 27, 2016 at 10:24 AM, Ben .T.George <bentech4you at gmail.com>
>> wrote:
>>
>>> Hi Alex.
>>>
>>> I am using Windows 2008 R2.
>>>
>>> When I am giving IPA's DNS name and click next, the trust wizard is not
>>> going through. But if I am selecting realm trust, at least the wizard
>>> completes.
>>>
>>> So which AD version is recommended?
>>>
>>> Regards,
>>> Ben
>>>
>>> On Fri, May 27, 2016 at 7:05 AM, Alexander Bokovoy <abokovoy at redhat.com>
>>> wrote:
>>>
>>> On Fri, 27 May 2016, Ben .T.George wrote:
>>>>
>>>>> Hi
>>>>>
>>>>> I ran some commands from AD side and the trust status got changed. Below
>>>>> is the command I used on AD
>>>>>
>>>>> netdom trust <TrustingDomainName> /d:<TrustedDomainName> /verify
>>>>>
>>>>>
>>>>> Before it was: "waiting for confirmation by remote side" and now it
>>>>> got changed to "Trust type: Active Directory domain"
>>>>>
>>>>> But when I am trying to map AD group, it is not going through
>>>>>
>>>>>
>>>>> root at zkwipamstr01 ~]# ipa group-add-member ad_admins_external
>>>>> --external
>>>>> 'MTC_TABS\Domain Users'
>>>>> [member user]:
>>>>> [member group]:
>>>>> Group name: ad_admins_external
>>>>> Description: ad_domain admins external map
>>>>> Failed members:
>>>>>   member user:
>>>>>   *member group: MTC_TABS\Domain Users: trusted domain object not
>>>>> found *
>>>>> -------------------------
>>>>> Number of members added 0
>>>>> -------------------------
>>>>>
>>>>> This is what my trust properties from AD. Trust type is showing as
>>>>> realm
>>>>>
>>>> It should be 'Forest', not 'realm'. Realm is for plain MIT Kerberos
>>>> realm trust which is *not* what IPA provides.
>>>>
>>>>> How can I fix this issue?
>>>>>
>>>> Use correct type of trust when establishing trust on AD side. If your
>>>> Windows version does not allow to specify proper trust type, I'm afraid,
>>>> there is nothing we can help with.
>>>>
>>>> --
>>>> / Alexander Bokovoy
>>>>
>>>>
>>>
>>>
>
>
>
>
> --
> / Alexander Bokovoy
>