On Wed, Oct 08, 2014 at 02:42:47AM +0200, Genadi Postrilko wrote: > Hello. > > I am attempting to create trust between AD and IPA. > > I have deployed AD environment as follows: > > I have created domain RED.COM > Then i add new domain tree root - BLUE.COM. > > Now i would like to establish trust with IPA as a sub domain (LINUX.BLUE.COM) > of BLUE.COM. > > I followed the guide and when reaching to trust agreement creation i > stumbled into this error: > > ipa trust-add --type=ad blue.com --admin Administrator --password > Active directory domain administrator's password: > ipa: ERROR: invalid 'AD domain controller': unsupported functional level
can you check the domain and forest functional levels of your domains? You can find this information in the 'Active Directory Domains and Trusts' utility by right-clicking the domain name and selecting properties? iirc the minimal level we support in 2003R2. bye, Sumit > > Both AD server are 2008 R2. > IPA version is 3.3, installed on RHEL 7. > > Help will be appreciated. > > Genadi. > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go To http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
