Hi List

I'm currently working through the IPAv3 AD integration document at:
http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup

I've managed to establish a trust between the IdM and the AD server. However, when I run the command:

---
[root@kwtpocidm001 ~]# ipa trustdomain-fetch "mhatest.local"
ipa: ERROR: unknown command 'trustdomain-fetch'
---

It would appear the 'trustdomain-fetch' command is not present anymore or has been replaced with something else? I speculate it's this:

---
[root@kwtpocidm001 ~]# ipa trust-fetch-domains "mhatest.local"
ipa: ERROR: AD domain controller complains about communication sequence. It may mean unsynchronized time on both sides, for example
---

Is this correct?

If indeed "trust-fetch-domains" is the correct command, then w.r.t. this error message:

"ipa: ERROR: AD domain controller complains about communication sequence. It may mean unsynchronized time on both sides, for example"

a) Checked the time synch on the AD server and the RHEL 7 IdM server and it's fine.

b) Here's a snippet around the error when running ipa with "-d":

----
ipa: DEBUG: approved_usage = SSL Server intended_usage = SSL Server
ipa: DEBUG: cert valid True for "CN=kwtpocidm001.linux.mhatest.local,O=LINUX.MHATEST.LOCAL"
ipa: DEBUG: handshake complete, peer = 172.16.107.108:443
ipa: DEBUG: received Set-Cookie 'ipa_session=1fe28460c7ec75d6da8d7e3b53c2e51f; Domain=kwtpocidm001.linux.mhatest.local; Path=/ipa; Expires=Thu, 11 Sep 2014 13:12:02 GMT; Secure; HttpOnly'
ipa: DEBUG: storing cookie 'ipa_session=1fe28460c7ec75d6da8d7e3b53c2e51f; Domain=kwtpocidm001.linux.mhatest.local; Path=/ipa; Expires=Thu, 11 Sep 2014 13:12:02 GMT; Secure; HttpOnly' for principal admin@LINUX.MHATEST.LOCAL
ipa: DEBUG: Starting external process
ipa: DEBUG: args=keyctl search @s user ipa_session_cookie:admin@LINUX.MHATEST.LOCAL
ipa: DEBUG: Process finished, return code=0
ipa: DEBUG: stdout=334684795
ipa: DEBUG: stderr=
ipa: DEBUG: Starting external process
ipa: DEBUG: args=keyctl search @s user ipa_session_cookie:admin@LINUX.MHATEST.LOCAL
ipa: DEBUG: Process finished, return code=0
ipa: DEBUG: stdout=334684795
ipa: DEBUG: stderr=
ipa: DEBUG: Starting external process
ipa: DEBUG: args=keyctl pupdate 334684795
ipa: DEBUG: Process finished, return code=0
ipa: DEBUG: stdout=
ipa: DEBUG: stderr=
ipa: DEBUG: Caught fault 4016 from server https://kwtpocidm001.linux.mhatest.local/ipa/session/xml: AD domain controller complains about communication sequence. It may mean unsynchronized time on both sides, for example
ipa: DEBUG: Destroyed connection context.xmlclient
ipa: ERROR: AD domain controller complains about communication sequence. It may mean unsynchronized time on both sides, for example
----

Many thanks in advance for any assistance!

Traiano