What does the AD Trust list in IPA show for the AD domain you should be using? The same
one? Or a different notation?
John
On 22 Jul 2019, at 17:13, Andrew Meyer via FreeIPA-users
<freeipa-users(a)lists.fedorahosted.org> wrote:
Hello,
I am working on setting up FreeIPA with AD integration and seem to be running into an
issue. Its possible that I am also doing something wrong.
I am setting it up to talk to MS Windows Server 2012r2. Following directions on
https://www.freeipa.org/page/Active_Directory_trust_setup
I have not edited the /etc/krb5.conf ( I figured that needed to happen on the client
machines.)
I am actually at this step:
https://www.freeipa.org/page/Active_Directory_trust_setup#Create_external...
I am getting the following error:
[andrew.meyer@freeipa01 ~]$ sudo ipa group-add-member ad_admins_external --external
'MEYER-AD\Domain Admins'
[member user]:
[member group]:
Group name: ad_admins_external
Description: ad.meyer.local admins external map
External member: S-1-5-21-2117027177-2554619188-4034396183-512,
S-1-5-21-2117027177-2554619188-4034396183-1106
Member users: andrew.meyer
Member groups: ad_admins
Member of groups: ad_admins, ipausers
Indirect Member groups: ad_admins_external
Failed members:
member user:
member group: MEYER-AD\Domain Admins: invalid 'trusted domain object': no
trusted domain matched the specified flat name
-------------------------
Number of members added 0
-------------------------
[andrew.meyer@freeipa01 ~]$
What am I doing wrong?
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...