<html dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style id="owaParaStyle" type="text/css">P {margin-top:0;margin-bottom:0;}</style>
</head>
<body ocsi="0" fpstyle="1">
<div style="direction: ltr;font-family: Tahoma;color: #000000;font-size: 10pt;">Hi,<br>
<br>
Trying to establish a trust relationship between a test domain that I have configured on Windows Server 2008 R2 and FreeIPA 4.1.2 (CentOS 7).
<br>
<br>
I have enabled debugging and I attempt to run the following command:<br>
<br>
ipa trust-add --type=ad ad.winblows --admin Administrator --password<br>
<br>
The HTTP error logs emit the output provided below. Looks like something connects to the domain controller performing the CLDAP query, but then there is a second section that appears to have a problem with "non-public: KeyError: 'dns_hostname'".<br>
<br>
<br>
Addrs = 172.16.1.253@389/ad1<br>
finddcs: DNS SRV response 0 at '172.16.1.253'<br>
finddcs: performing CLDAP query on 172.16.1.253<br>
s4_tevent: Added timed event "tevent_req_timedout": 0x7fbfc8220e80<br>
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fbfc8045660<br>
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fbfc8045660<br>
s4_tevent: Added timed event "tevent_req_timedout": 0x7fbfc8045c00<br>
s4_tevent: Destroying timer event 0x7fbfc8220e80 "tevent_req_timedout"<br>
s4_tevent: Destroying timer event 0x7fbfc8045c00 "tevent_req_timedout"<br>
&response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX<br>
command : LOGON_SAM_LOGON_RESPONSE_EX (23)<br>
sbz : 0x0000 (0)<br>
server_type : 0x000033fd (13309)<br>
1: NBT_SERVER_PDC <br>
1: NBT_SERVER_GC <br>
1: NBT_SERVER_LDAP <br>
1: NBT_SERVER_DS <br>
1: NBT_SERVER_KDC <br>
1: NBT_SERVER_TIMESERV <br>
1: NBT_SERVER_CLOSEST <br>
1: NBT_SERVER_WRITABLE <br>
1: NBT_SERVER_GOOD_TIMESERV <br>
0: NBT_SERVER_NDNC <br>
0: NBT_SERVER_SELECT_SECRET_DOMAIN_6<br>
1: NBT_SERVER_FULL_SECRET_DOMAIN_6<br>
1: NBT_SERVER_ADS_WEB_SERVICE<br>
0: NBT_SERVER_HAS_DNS_NAME <br>
0: NBT_SERVER_IS_DEFAULT_NC <br>
0: NBT_SERVER_FOREST_ROOT <br>
domain_uuid : 4a9706c2-e025-4556-a48b-f0e15941b60e<br>
forest : 'ad.winblows'<br>
dns_domain : 'ad.winblows'<br>
pdc_dns_name : 'ad1.ad.winblows'<br>
domain_name : 'AD'<br>
pdc_name : 'AD1'<br>
user_name : ''<br>
server_site : 'Default-First-Site-Name'<br>
client_site : 'Default-First-Site-Name'<br>
sockaddr_size : 0x00 (0)<br>
sockaddr: struct nbt_sockaddr<br>
sockaddr_family : 0x00000000 (0)<br>
pdc_ip : (null)<br>
remaining : DATA_BLOB length=0<br>
next_closest_site : NULL<br>
nt_version : 0x00000005 (5)<br>
1: NETLOGON_NT_VERSION_1 <br>
0: NETLOGON_NT_VERSION_5 <br>
1: NETLOGON_NT_VERSION_5EX <br>
0: NETLOGON_NT_VERSION_5EX_WITH_IP<br>
0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE<br>
0: NETLOGON_NT_VERSION_AVOID_NT4EMUL<br>
0: NETLOGON_NT_VERSION_PDC <br>
0: NETLOGON_NT_VERSION_IP <br>
0: NETLOGON_NT_VERSION_LOCAL<br>
0: NETLOGON_NT_VERSION_GC <br>
lmnt_token : 0xffff (65535)<br>
lm20_token : 0xffff (65535)<br>
finddcs: Found matching DC 172.16.1.253 with server_type=0x000033fd<br>
[Sat Sep 26 12:01:24.624183 2015] [:error] [pid 8407] ipa: ERROR: LDAP error when connecting to AD1: {'desc': "Can't contact LDAP server"}<br>
lpcfg_load: refreshing parameters from /usr/share/ipa/smb.conf.empty<br>
params.c:pm_process() - Processing configuration file "/usr/share/ipa/smb.conf.empty"<br>
Processing section "[global]"<br>
INFO: Current debug levels:<br>
all: 100<br>
tdb: 100<br>
printdrivers: 100<br>
lanman: 100<br>
smb: 100<br>
rpc_parse: 100<br>
rpc_srv: 100<br>
rpc_cli: 100<br>
passdb: 100<br>
sam: 100<br>
auth: 100<br>
winbind: 100<br>
vfs: 100<br>
idmap: 100<br>
quota: 100<br>
acls: 100<br>
locking: 100<br>
msdfs: 100<br>
dmapi: 100<br>
registry: 100<br>
scavenger: 100<br>
dns: 100<br>
ldb: 100<br>
pm_process() returned Yes<br>
[Sat Sep 26 12:01:24.625956 2015] [:error] [pid 8407] ipa: ERROR: non-public: KeyError: 'dns_hostname'<br>
[Sat Sep 26 12:01:24.625970 2015] [:error] [pid 8407] Traceback (most recent call last):<br>
[Sat Sep 26 12:01:24.625974 2015] [:error] [pid 8407] File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 348, in wsgi_execute<br>
[Sat Sep 26 12:01:24.625977 2015] [:error] [pid 8407] result = self.Command[name](*args, **options)<br>
[Sat Sep 26 12:01:24.625982 2015] [:error] [pid 8407] File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 439, in __call__<br>
[Sat Sep 26 12:01:24.625985 2015] [:error] [pid 8407] ret = self.run(*args, **options)<br>
[Sat Sep 26 12:01:24.625988 2015] [:error] [pid 8407] File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 754, in run<br>
[Sat Sep 26 12:01:24.625991 2015] [:error] [pid 8407] return self.execute(*args, **options)<br>
[Sat Sep 26 12:01:24.625994 2015] [:error] [pid 8407] File "/usr/lib/python2.7/site-packages/ipalib/plugins/trust.py", line 473, in execute<br>
[Sat Sep 26 12:01:24.625997 2015] [:error] [pid 8407] old_range, range_name, dom_sid = self.validate_range(*keys, **options)<br>
[Sat Sep 26 12:01:24.626000 2015] [:error] [pid 8407] File "/usr/lib/python2.7/site-packages/ipalib/plugins/trust.py", line 663, in validate_range<br>
[Sat Sep 26 12:01:24.626004 2015] [:error] [pid 8407] self.realm_passwd<br>
[Sat Sep 26 12:01:24.626007 2015] [:error] [pid 8407] File "/usr/lib/python2.7/site-packages/ipaserver/dcerpc.py", line 1170, in populate_remote_domain<br>
[Sat Sep 26 12:01:24.626010 2015] [:error] [pid 8407] td.retrieve(rd.info['dns_hostname'])<br>
[Sat Sep 26 12:01:24.626013 2015] [:error] [pid 8407] KeyError: 'dns_hostname'<br>
[Sat Sep 26 12:01:24.626447 2015] [:error] [pid 8407] ipa: INFO: [jsonserver_session] admin@LOCAL: trust_add(u'ad.winblows', trust_type=u'ad', realm_admin=u'Administrator', realm_passwd=u'********', all=False, raw=False, version=u'2.112'): KeyError<br>
<br>
</div>
</body>
</html>