Attempting to create a one-way trust from freeIPA to AD. Both are fresh installations and up to date. ADDS on 2k19 and FreeIPA on CentOS 7.
After running `ipa-adtrust-install`, running `smbclient -L ipaserver.ipa.example.net -k` only returns `Reconnecting with SMB1 for workgroup listing.`
The error I receive when running `ipa trust-add` is `ipa: ERROR: an internal error has occurred`. At this point the trust appears in the incoming trusts in AD.
Both firewalls disabled. Both realms have integrated dns and conditional forwarders set up. All SRV records are resolvable in both directions. I manually created `_kerberos._udp.dc._msdcs.ad.example.com.` as it was not present.
On Tue, 06 Aug 2019, Darvid Kairne via FreeIPA-users wrote:
> Attempting to create a one-way trust from freeIPA to AD. Both are fresh installations and up to date. ADDS on 2k19 and FreeIPA on CentOS 7.
> After running `ipa-adtrust-install`, running `smbclient -L ipaserver.ipa.example.net -k` only returns `Reconnecting with SMB1 for workgroup listing.`
There should be no shares configured by default, so that is OK.
> The error I receive when running `ipa trust-add` is `ipa: ERROR: an internal error has occurred`. At this point the trust appears in the incoming trusts in AD.
You need to enable debugging and re-run 'ipa trust-add':
- set 'log level = 50' in /usr/share/ipa/smb.conf.empty
- add [global] debug = True in /etc/ipa/server.conf (create file, if missing)
- restart httpd (systemctl restart httpd)
- re-try 'ipa trust-add'
Then collect whatever was logged in /var/log/httpd/error_log and send me off-list.
If the trust was created in AD, after which an internal error was reported, it is most likely related to retrieval of the trust topology.
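
The debugging steps from the reply above as an idempotent script. This is an added example, not part of the original thread; it assumes both settings belong under `[global]`, and `set_ini_key` and `enable_trust_debug` are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes both settings live under [global].

# set_ini_key FILE SECTION KEY VALUE: set KEY in [SECTION], replacing an
# existing value or appending the key (and the section) when absent.
set_ini_key() {
    file=$1 section=$2 key=$3 value=$4
    [ -f "$file" ] || : > "$file"            # create the file if missing
    tmp=$(mktemp) || return 1
    awk -v sec="[$section]" -v key="$key" -v val="$value" '
        # Write the key once, if we are in the target section and have not yet.
        function emit() { if (insec && !done) { print key " = " val; done = 1 } }
        /^[ \t]*\[/ {                        # any section header
            emit()                           # leaving target section: add key
            t = $0; gsub(/^[ \t]+|[ \t]+$/, "", t)
            insec = (t == sec); if (insec) seen = 1
            print; next
        }
        insec {
            k = $0; sub(/[ \t]*=.*/, "", k); sub(/^[ \t]+/, "", k)
            if (k == key) { emit(); next }   # replace; drop later duplicates
        }
        { print }
        END { emit(); if (!seen) { print sec; print key " = " val } }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps owner/mode/context
    rc=$?; rm -f "$tmp"; return $rc
}

# enable_trust_debug [SMB_CONF] [SERVER_CONF]: defaults are the paths named
# in the reply. smb.conf.empty must already exist; server.conf may be created.
enable_trust_debug() {
    smb_conf=${1:-/usr/share/ipa/smb.conf.empty}
    server_conf=${2:-/etc/ipa/server.conf}
    [ -f "$smb_conf" ] || { echo "missing: $smb_conf" >&2; return 1; }
    set_ini_key "$smb_conf" global "log level" 50 &&
        set_ini_key "$server_conf" global debug True
}

# On the IPA server, as root:
#   enable_trust_debug && systemctl restart httpd
# then re-try 'ipa trust-add' and read /var/log/httpd/error_log.
```

Running it twice leaves the files unchanged after the first run, so the same helper can set the values back once the log has been collected.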
Sorry, I'm new to mailing lists and I don't see a pm option or a listed email on your user profile. How should I reach you off-list?
--Darvid Kairne
freeipa-users@lists.fedorahosted.org