What does the AD Trust list in IPA show for the AD domain you should be using? The same one? Or a different notation?
John > On 22 Jul 2019, at 17:13, Andrew Meyer via FreeIPA-users > <freeipa-users@lists.fedorahosted.org> wrote: > > Hello, > I am working on setting up FreeIPA with AD integration and seem to be running > into an issue. Its possible that I am also doing something wrong. > > I am setting it up to talk to MS Windows Server 2012r2. Following directions > on https://www.freeipa.org/page/Active_Directory_trust_setup > > I have not edited the /etc/krb5.conf ( I figured that needed to happen on the > client machines.) > > I am actually at this step: > https://www.freeipa.org/page/Active_Directory_trust_setup#Create_external_and_POSIX_groups_for_trusted_domain_users > > I am getting the following error: > > [andrew.meyer@freeipa01 ~]$ sudo ipa group-add-member ad_admins_external > --external 'MEYER-AD\Domain Admins' > [member user]: > [member group]: > Group name: ad_admins_external > Description: ad.meyer.local admins external map > External member: S-1-5-21-2117027177-2554619188-4034396183-512, > S-1-5-21-2117027177-2554619188-4034396183-1106 > Member users: andrew.meyer > Member groups: ad_admins > Member of groups: ad_admins, ipausers > Indirect Member groups: ad_admins_external > Failed members: > member user: > member group: MEYER-AD\Domain Admins: invalid 'trusted domain object': no > trusted domain matched the specified flat name > ------------------------- > Number of members added 0 > ------------------------- > [andrew.meyer@freeipa01 ~]$ > > What am I doing wrong? > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
