[Freeipa-users] group-add-member external "trusted domain object not found"

[Stijn De Weirdt]

hi all,

i'm trying to setup a one-sided trust with an AD, following
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/trust-groups.html

the trust is setup and seems to work (i get IPA service token using kvno
and an AD kerberos credential), "ipa trustdomain-find domain.name"
reports that the domain is enabled (but for some reason dumps this info
twice).

however, when trying to add the "Domain Users", i get a 'trusted domain
object not found'

> # ipa group-add-member extgroup --external="NETBIOSNAME\Domain Users" --users=a_valid_ad_user
>   Group name: extgroup
>   Description: some desc
>   Member of groups: intgroup
>   Failed members: 
>     member user: a_valid_ad_user: no such entry
>     member group: NETBIOSNAME\Domain Users: trusted domain object not found
> -------------------------
> Number of members added 0
> -------------------------

i also tried with "Domain Users at domain.name"

any clues how to debug what is going wrong?

many thanks,

stijn