URL:
Reporter RHNID:
Section: -
Language: en-US (English)
Workaround:

Description: p. 203
So here are the prerequisites mentioned but it should be turned into a nice numbered list to make it more memorable. See

1. Supported Windows versions
2. DNS Requirements. Also, mention that DNSSEC validation must be turned off! Verifying DNS by running queries is important but some of those SRV records will not exist before running ipa-adtrust-install.
3. Kerberos realm names
4. NetBIOS names. Explain what this is.
5. Firewall ports. Firewalld has a service defined to cover these additional needed ports. It's called freeipa-trust. Unfortunately none of the AD trust exercises in the student manual use it. The exercises completely overlook the fact that Trust Controllers need these additional ports open.
6. IPv6 settings
7. Clock settings - NTP

• Preparing the IdM Server for Trust
  When showing ipa-adtrust-install make sure to add the --netbios-name= option.