Hello,

I have 3 IDM clusters with RHEL 7.5 and ipa-server-4.5.4-10 (they are independent: 1 for my company and the other 2 for 2 clients), with domain names:

1) ipa.mydomain.com

2) ipa.client1_domain.com

3) ipa.client2_domain.com

 

All of them have a trust with an AD domain:

1) ad-domain.mydomain.com

2) client1_domain.com

3) addomain.client2_domain.com

 

The problem I have is when I try to create the second trust from clusters 2 and 3 to the same domain I have on cluster 1, "ad-domain.mydomain.com". I get the following answer:

# ipa trust-add --type=ad AD-domain.mydomain.com --range-type=ipa-ad-trust --server=AD_server.AD-domain.mydomain.com --all

Active Directory domain administrator: ad_admin

Active Directory domain administrator's password:

ipa: ERROR: CIFS server communication error: code "-1073741771", message "The object name already exists." (both may be "None")

 

Attached is the full sanitized log of /var/log/httpd/error_log in debug mode. There the error is:

out: struct lsa_CreateTrustedDomainEx2

result                   : NT_STATUS_OBJECT_NAME_COLLISION

 

I have also tried to do the trust on the Windows side (the other method explained in the manual, with a shared password), but AD (Windows Server 2008 R2) complains that the trust is already done:

 

Of course there is no trust between them (checked on the IDM side with "ipa trust-show ad-domain.mydomain.com" and also checked on the Windows side).

We think it might be because we have the same NetBIOS name "IPA" on both domains that we try to do a trust with "ad-domain.mydomain.com": ipa.mydomain.com (which is already trusted with ad-domain.mydomain.com) and ipa.clientX_domain.com.

 

Is that possible? How can we fix that?

 

Thanks & Regards.

 

______________________________

Miguel
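
The check below is an added example, not part of the original post: it decodes the signed error code from the `ipa trust-add` output into its NTSTATUS value and tests the three IPA domains listed above for a shared default NetBIOS name. It assumes each cluster kept the `ipa-adtrust-install` default (leading DNS label, uppercased, limited to letters, digits and hyphen, 15 characters); the function names are illustrative.

```python
import re
import string
from collections import defaultdict

# Characters kept when deriving a NetBIOS name (assumed installer default).
ALLOWED = set(string.ascii_uppercase + string.digits + "-")

# Small subset of NTSTATUS values relevant when a trust cannot be created.
NTSTATUS = {
    0xC0000035: "NT_STATUS_OBJECT_NAME_COLLISION",
    0xC0000022: "NT_STATUS_ACCESS_DENIED",
    0xC000006D: "NT_STATUS_LOGON_FAILURE",
}

def ntstatus_from_ipa_error(line):
    """Return (unsigned code, name) from an 'ipa: ERROR: ... code "-N"' line."""
    m = re.search(r'code "(-?\d+)"', line)
    if not m:
        return None
    code = int(m.group(1)) & 0xFFFFFFFF  # signed 32-bit -> unsigned NTSTATUS
    return code, NTSTATUS.get(code, "unknown")

def default_netbios_name(dns_domain):
    """Default flat name: first DNS label, uppercased, filtered, max 15 chars."""
    label = dns_domain.split(".")[0].upper()
    return "".join(c for c in label if c in ALLOWED)[:15]

def netbios_collisions(domains):
    """Group domains by derived NetBIOS name; return names used more than once."""
    by_name = defaultdict(list)
    for d in domains:
        by_name[default_netbios_name(d)].append(d)
    return {n: ds for n, ds in by_name.items() if len(ds) > 1}

# Values copied from the post above.
IPA_DOMAINS = ["ipa.mydomain.com", "ipa.client1_domain.com", "ipa.client2_domain.com"]
ERROR_LINE = ('ipa: ERROR: CIFS server communication error: code "-1073741771", '
              'message "The object name already exists." (both may be "None")')

if __name__ == "__main__":
    code, name = ntstatus_from_ipa_error(ERROR_LINE)
    print(f"0x{code:08X} {name}")
    for nb, ds in netbios_collisions(IPA_DOMAINS).items():
        print(f"NetBIOS name {nb} shared by: {', '.join(ds)}")
```

The NetBIOS name each cluster actually uses is shown by `ipa trustconfig-show`, which is the value to compare rather than the derived default.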