So the name is MEYERAD but you typed MEYER-AD. Remove the dash from your earlier command and it should work.
John > On 22 Jul 2019, at 17:48, Andrew Meyer via FreeIPA-users > <freeipa-users@lists.fedorahosted.org> wrote: > > Getting this: > > [andrew.meyer@freeipa01 ~]$ sudo ipa trust-find > --------------- > 1 trust matched > --------------- > Realm name: ad.meyer.local > Domain NetBIOS name: MEYERAD > Domain Security Identifier: S-1-5-21-1219070868-1303614073-2179474410 > Trust type: Active Directory domain > ---------------------------- > Number of entries returned 1 > ---------------------------- > [andrew.meyer@freeipa01 ~]$ > > > > On Monday, July 22, 2019, 10:26:29 AM CDT, Alexander Bokovoy > <aboko...@redhat.com> wrote: > > > On ma, 22 heinä 2019, Andrew Meyer via FreeIPA-users wrote: > > Hello, > >I am working on setting up FreeIPA with AD integration and seem to be > >running into an issue. Its possible that I am also doing something wrong. > >I am setting it up to talk to MS Windows Server 2012r2. Following > >directions on https://www.freeipa.org/page/Active_Directory_trust_setup > ><https://www.freeipa.org/page/Active_Directory_trust_setup%C2%A0> > >I have not edited the /etc/krb5.conf ( I figured that needed to happen on > >the client machines.) > Please use official documentation instead. The page above was written > quite a few years ago by test engineers to help themselves to get > through various test scenarios. You are better to use > https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/windows_integration_guide/index > > <https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/windows_integration_guide/index> > > > > >I am actually at this step: > >https://www.freeipa.org/page/Active_Directory_trust_setup#Create_external_and_POSIX_groups_for_trusted_domain_users > > > ><https://www.freeipa.org/page/Active_Directory_trust_setup#Create_external_and_POSIX_groups_for_trusted_domain_users> > >I am getting the following error: > >[andrew.meyer@freeipa01 <mailto:andrew.meyer@freeipa01> ~]$ sudo ipa > >group-add-member ad_admins_external > >--external 'MEYER-AD\Domain Admins' > >[member user]: > >[member group]: > > Group name: ad_admins_external > > Description: ad.meyer.local admins external map > > External member: S-1-5-21-2117027177-2554619188-4034396183-512, > >S-1-5-21-2117027177-2554619188-4034396183-1106 > > Member users: andrew.meyer > > Member groups: ad_admins > > Member of groups: ad_admins, ipausers > > Indirect Member groups: ad_admins_external > > Failed members: > > member user: > > member group: MEYER-AD\Domain Admins: invalid 'trusted domain object': > >no trusted domain matched the specified flat name > > > This particular error message tells that there is no a trust to AD with > 'MEYER-AD' as its NetBIOS name. > > It might be that the trust wasn't established successfully, thus it is > not possible to use it to resolve users. > > Start with 'ipa trust-find' output. > > -- > / Alexander Bokovoy > Sr. Principal Software Engineer > Security / Identity Management Engineering > Red Hat Limited, Finland > > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org