On 10/08/2014 07:29 AM, Genadi Postrilko wrote:
Both Domain functional level and Forest functional level are Windows
Server 2008 R2.
Does blue.com actually resolves to the AD host?
May be there is some DNS misconfiguration on the Linux system where you
run the command from.
2014-10-08 9:24 GMT+02:00 Sumit Bose <[email protected]
<mailto:[email protected]>>:
On Wed, Oct 08, 2014 at 02:42:47AM +0200, Genadi Postrilko wrote:
> Hello.
>
> I am attempting to create trust between AD and IPA.
>
> I have deployed AD environment as follows:
>
> I have created domain RED.COM <http://RED.COM>
> Then i add new domain tree root - BLUE.COM <http://BLUE.COM>.
>
> Now i would like to establish trust with IPA as a sub domain
(LINUX.BLUE.COM <http://LINUX.BLUE.COM>)
> of BLUE.COM <http://BLUE.COM>.
>
> I followed the guide and when reaching to trust agreement creation i
> stumbled into this error:
>
> ipa trust-add --type=ad blue.com <http://blue.com> --admin
Administrator --password
> Active directory domain administrator's password:
> ipa: ERROR: invalid 'AD domain controller': unsupported
functional level
can you check the domain and forest functional levels of your domains?
You can find this information in the 'Active Directory Domains and
Trusts' utility by right-clicking the domain name and selecting
properties? iirc the minimal level we support in 2003R2.
bye,
Sumit
>
> Both AD server are 2008 R2.
> IPA version is 3.3, installed on RHEL 7.
>
> Help will be appreciated.
>
> Genadi.
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go To http://freeipa.org for more info on the project
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
