[Freeipa-users] testing AD trust on Fedora 18

Sumit Bose sbose at redhat.com
Tue Dec 18 20:30:50 UTC 2012 

On Tue, Dec 18, 2012 at 03:16:47PM -0500, John Dennis wrote:
> On 12/18/2012 01:26 PM, Andre Rodrigues wrote:
> >Hi all,
> >I'm testing AD trust following this how to:
> >http://www.freeipa.org/page/IPAv3_testing_AD_trust
> >but when I set "ipa dnszone-add" I get this:
> >[root at m ~] ipa dnszone-add <AD.DOMAIN> --name-server=<AD.NAME
> ><http://AD.NAME>> --admin-email=<MY.EMAIL> --force --forwarder=<AD.IP>
> >–forward-policy=only
> >ipa: ERROR: unable to parse cookie header
> >'ipa_session=f963e8e4006fdcd79e1a2a5a989b4d01; Domain=<IPA.DOMAIN>;
> >Path=/ipa; Expires=Thu, 18 Dec 2012 13:54:33 GMT; Secure; HttpOnly':
> >unable to parse expires datetime 'Thu, 18 Dec 2012 13:54:33'
> 
> This is an error message from something I wrote. I can't explain why
> it can't parse the expires cookie attribute because using the value
> cited in the error message it parses just fine. The only thing I can
> think of is that the time module was not imported in cookie.py, but
> in my copy of the file it is imported.
> 
> However one thing I did immediately notice, the cookie has
> Domain=<IPA.DOMAIN>, that's not valid, it's supposed to be a FQDN.
> What is the value of xmlrpc_uri in your /etc/ipa/default.conf?
> 
> >
> >and when I set "ipa trust-add" I get the following error:
> >[root at m ~] ipa trust-add --type=ad <AD.DOMAIN> --admin Adminstrator
> >--password
> >Active directory domain administrator's password:
> >ipa: ERROR: unable to parse cookie header
> >'ipa_session=7d6aeb2c92ff3197a9d3c04421f6ba15; Domain=<IPA.DOMAIN>;
> >Path=/ipa; Expires=Tue, 18 Dec 2012 18:32:05 GMT; Secure; HttpOnly':
> >unable to parse expires datetime 'Tue, 18 Dec 2012 18:32:05'
> 
> Sorry, someone else will have to help you with the below:

I guess this error message is just triggered by the cookie error.

bye,
Sumit

> 
> >ipa: ERROR: Cannot perform join operation without Samba 4 support installed.
> >                               Make sure you have installed
> >server-trust-ad sub-package of IPA
> >
> >but I have the server-trust-ad installed:--
> John Dennis <jdennis at redhat.com>
> 
> Looking to carve out IT costs?
> www.redhat.com/carveoutcosts/
> 
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

More information about the Freeipa-users mailing list