So the name is MEYERAD but you typed MEYER-AD.  Remove the dash from your 
earlier command and it should work.

John

> On 22 Jul 2019, at 17:48, Andrew Meyer via FreeIPA-users 
> <freeipa-users@lists.fedorahosted.org> wrote:
> 
> Getting this:
> 
> [andrew.meyer@freeipa01 ~]$ sudo ipa trust-find 
> ---------------
> 1 trust matched
> ---------------
>   Realm name: ad.meyer.local
>   Domain NetBIOS name: MEYERAD
>   Domain Security Identifier: S-1-5-21-1219070868-1303614073-2179474410
>   Trust type: Active Directory domain
> ----------------------------
> Number of entries returned 1
> ----------------------------
> [andrew.meyer@freeipa01 ~]$ 
> 
> 
> 
> On Monday, July 22, 2019, 10:26:29 AM CDT, Alexander Bokovoy 
> <aboko...@redhat.com> wrote:
> 
> 
> On ma, 22 heinä 2019, Andrew Meyer via FreeIPA-users wrote:
> > Hello,                                                                      
> >I am working on setting up FreeIPA with AD integration and seem to be        
> >running into an issue.  Its possible that I am also doing something wrong.  
> >I am setting it up to talk to MS Windows Server 2012r2.  Following          
> >directions on https://www.freeipa.org/page/Active_Directory_trust_setup   
> ><https://www.freeipa.org/page/Active_Directory_trust_setup%C2%A0>    
> >I have not edited the /etc/krb5.conf ( I figured that needed to happen on    
> >the client machines.)                                                       
> Please use official documentation instead. The page above was written
> quite a few years ago by test engineers to help themselves to get
> through various test scenarios. You are better to use
> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/windows_integration_guide/index
>  
> <https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/windows_integration_guide/index>
> 
> 
> 
> >I am actually at this step:                                                  
> >https://www.freeipa.org/page/Active_Directory_trust_setup#Create_external_and_POSIX_groups_for_trusted_domain_users
> > 
> ><https://www.freeipa.org/page/Active_Directory_trust_setup#Create_external_and_POSIX_groups_for_trusted_domain_users>
> >I am getting the following error:                                            
> >[andrew.meyer@freeipa01 <mailto:andrew.meyer@freeipa01> ~]$ sudo ipa 
> >group-add-member ad_admins_external    
> >--external 'MEYER-AD\Domain Admins'                                          
> >[member user]:                                                               
> >[member group]:                                                             
> >  Group name: ad_admins_external                                            
> >  Description: ad.meyer.local admins external map                            
> >  External member: S-1-5-21-2117027177-2554619188-4034396183-512,            
> >S-1-5-21-2117027177-2554619188-4034396183-1106                              
> >  Member users: andrew.meyer                                                
> >  Member groups: ad_admins                                                  
> >  Member of groups: ad_admins, ipausers                                      
> >  Indirect Member groups: ad_admins_external                                
> >  Failed members:                                                           
> >    member user:                                                             
> >    member group: MEYER-AD\Domain Admins: invalid 'trusted domain object':  
> >no trusted domain matched the specified flat name                           
> 
> 
> This particular error message tells that there is no a trust to AD with
> 'MEYER-AD' as its NetBIOS name.
> 
> It might be that the trust wasn't established successfully, thus it is
> not possible to use it to resolve users.
> 
> Start with 'ipa trust-find' output.
> 
> -- 
> / Alexander Bokovoy
> Sr. Principal Software Engineer
> Security / Identity Management Engineering
> Red Hat Limited, Finland
> 
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
> Fedora Code of Conduct: 
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org

_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org

Reply via email to