Hi Alexander
On Thu, Sep 11, 2014 at 8:16 PM, Alexander Bokovoy <[email protected]> wrote: > On Thu, 11 Sep 2014, Traiano Welcome wrote: > >> This one is not usable. You need to enable debugging on the server side. >>>> See http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup# >>>> Debugging_trust >>>> in the part where it talks about /usr/share/ipa/smb.conf.empty. >>>> >>>> >>>> >>> I've attached the debug logs, I'd be thankful if you could find anything >>> in them! >>> >> Can you please keep debugging and re-establish the trust using AD > credentials? > > I can see that AD DC does believe yet the trust is working: > Ticket in credentials cache for @LINUX will expire in 86400 secs > GSS client Update(krb5)(1) Update failed: Unspecified GSS failure. > Minor code may provide more information: KDC policy rejects request > > "KDC policy rejects request" means AD-side of the trust is not set and > verified. > > By running 'ipa trust-add ... --admin ..' you'll force AD DC to reset trust > and verify it. > > Just to confirm: The guide says that Windows 2008 R2 should be used as an AD DC, and provides a link to a setup process for Windows 2008 R2. However later on in the doc there is animated gif of Windows 2012 ... Does this matter? Will different setups based on Win2K8 or Win2K12 DC affect the installation process in any way on the IdM side? > > -- > / Alexander Bokovoy >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
