On Wed, 20 Mar 2019, SOLER SANGUESA Miguel via FreeIPA-users wrote:
Hello,
I have 3 IDM clusters with RHEL 7.5 and ipa-server-4.5.4-10 (they are independent, 1 for
my company and the other 2 for 2 clients), with domain names:
1) ipa.mydomain.com
2) ipa.client1_domain.com
3) ipa.client2_domain.com
All of them have a trust with an AD domain:
1) ad-domain.mydomain.com
2) client1_domain.com
3) addomain.client2_domain.com
The problem I have is when I try to create the second trust with clusters 2 and 3 to
the same domain I have on cluster 1, "ad-domain.mydomain.com". I get the
following answer:
# ipa trust-add --type=ad AD-domain.mydomain.com --range-type=ipa-ad-trust --server=AD_server.AD-domain.mydomain.com --all
Active Directory domain administrator: ad_admin
Active Directory domain administrator's password:
ipa: ERROR: CIFS server communication error: code "-1073741771", message
"The object name already exists." (both may be "None")
Attached is the full sanitized log of /var/log/httpd/error_log with debug mode. There the error
is:
out: struct lsa_CreateTrustedDomainEx2
result : NT_STATUS_OBJECT_NAME_COLLISION
I have also tried to do the trust on Windows side (the other method explained on the
manual with shared password), but AD (Windows server 2008 R2) complains that the trust is
already done:
Of course there is no trust between them (checked on IDM side with
"ipa trust-show ad-domain.mydomain.com") and checked also on Windows
side.
We think it might be because we have the same NETBIOS name "IPA"
on both domains that we try to do a trust with
"ad-domain.mydomain.com":
ipa.mydomain.com (that is already trusted with ad-domain.mydomain.com) and
ipa.clientX_domain.com

This is exactly the problem. NetBIOS names of all trusted domains must
be different.

Is that possible? How can we fix that?

Change NetBIOS name used for IPA in each domain using
ipa-adtrust-install.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
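
The collision described in this thread can be caught before running trust-add. The following is an added example, not part of the original mail or of FreeIPA's code: it derives a default NetBIOS name from each DNS domain and reports names claimed by more than one domain. The derivation rule (first DNS label, upper-cased, limited to A-Z, 0-9 and "-", at most 15 characters) is an assumption about how ipa-adtrust-install proposes its default, and the replacement names IPACLIENT1 and IPACLIENT2 are hypothetical.

```python
"""Pre-flight check: would several domains present the same NetBIOS name to one AD forest?"""
import string
from collections import defaultdict

# Assumption: first DNS label, upper-cased, A-Z / 0-9 / '-' only, max 15 chars.
ALLOWED = set(string.ascii_uppercase + string.digits + "-")


def default_netbios_name(dns_domain):
    """Derive the NetBIOS name a domain would get if none is set explicitly."""
    label = dns_domain.split(".")[0].upper()
    return "".join(c for c in label if c in ALLOWED)[:15]


def find_collisions(domains, overrides=None):
    """Return {netbios_name: [domains]} for every name used by more than one domain.

    overrides maps a DNS domain to a NetBIOS name chosen explicitly,
    for example with ipa-adtrust-install --netbios-name.
    """
    overrides = overrides or {}
    by_name = defaultdict(list)
    for domain in domains:
        name = overrides.get(domain, default_netbios_name(domain)).upper()
        by_name[name].append(domain)
    return {name: doms for name, doms in by_name.items() if len(doms) > 1}


# Domain names as written in the thread: the AD domain and the three IPA domains.
DOMAINS = [
    "ad-domain.mydomain.com",
    "ipa.mydomain.com",
    "ipa.client1_domain.com",
    "ipa.client2_domain.com",
]

# Hypothetical explicit names for the two client clusters.
OVERRIDES = {
    "ipa.client1_domain.com": "IPACLIENT1",
    "ipa.client2_domain.com": "IPACLIENT2",
}

if __name__ == "__main__":
    for label, result in (("defaults", find_collisions(DOMAINS)),
                          ("with overrides", find_collisions(DOMAINS, OVERRIDES))):
        print(label + ":", result or "no collisions")
```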