On 5/29/18, 7:59 PM, "Alexander Bokovoy" <[email protected]> wrote:
On Tue, 29 May 2018, Merritt, Todd R - (tmerritt) via FreeIPA-users wrote:
>Hi,
> I'm trying to establish a two way trust with an AD
> domain and seem to be running into some issues. I am
> able to establish a one way trust following the guide
> at
> https://www.freeipa.org/page/Active_Directory_trust_setup
> without any issues. When I destroy that trust and try
> to establish a new one with two-way specified to the
> same AD domain it throws what I believe to be a
> misleading error message and the trust is not
> established.
How did you destroy that trust?
>[[email protected] /]# ipa trust-add --type=ad AD_DOMAIN --admin AD_ADMIN_USER --password --two-way=true
>Active Directory domain administrator's password:
>ipa: ERROR: AD DC was unable to reach any IPA domain controller. Most likely it is a DNS or firewall issue
>
>I've checked that both the AD DC and the free IPA hosts can resolve the
>service entries and verified that there are no firewall blocks in place
>between these two hosts. I believe the issue is an LDAP permission
>issue of some sort based on the following log snippet
Add 'log level = 100' to /usr/share/ipa/smb.conf.empty and re-try with
'ipa trust-add'. You'll get additional debug information in httpd's
error_log. Provide that one off-list.
Thanks, I removed it with trust-del
[[email protected] /]# ipa trust-del AD_DOMAIN
-------------------------
Deleted trust "AD_DOMAIN"
-------------------------
I'll send you a copy of the http error log directly.
Thanks,
Todd
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]/message/BNEFRVT4SSR7R7DWKY44II53C2SSYHUZ/