[Freeipa-users] problems with trust with AD (2 different domains

Natxo Asenjo natxo.asenjo at gmail.com
Fri Apr 19 10:37:30 UTC 2013


I modified /etc/sysconfig/network
HOSTNAME=kdc.ipa.asenjo.nx

rebooted the host. Re-ran

# smbclient -L kdc.ipa.asenjo.nx -k
lp_load_ex: changing to config backend registry
Domain=[IPA] OS=[Unix] Server=[Samba 4.0.0rc4]

    Sharename       Type      Comment
    ---------       ----      -------
    IPC$            IPC       IPC Service (Samba 4.0.0rc4)
Domain=[IPA] OS=[Unix] Server=[Samba 4.0.0rc4]

That was ok.

re-ran:

# ipa trust-add --type=ad ad.asenjo.nx --admin Administrator --password
Active directory domain administrator's password:
-----------------------------------------------------
Added Active Directory trust for realm "ad.asenjo.nx"
-----------------------------------------------------
  Realm name: ad.asenjo.nx
  Domain NetBIOS name: AD
  Domain Security Identifier: S-1-5-21-2508008360-1834726910-79835928
  Trust direction: Two-way trust
  Trust type: Active Directory domain
  Trust status: Established and verified

And it is working :-)

Awesome.

Thanks!

-- 
groet,
natxo


--
Groeten,
natxo


On Fri, Apr 19, 2013 at 12:11 PM, Sumit Bose <sbose at redhat.com> wrote:

> On Fri, Apr 19, 2013 at 11:45:47AM +0200, Natxo Asenjo wrote:
> > I saw there is a log in /var/log/samba/log.wb-IPA
> >
> > The log complains about missing keys for the spn for the hostname (not the
> > fqdn, just the hostname):
> >
> >  Connection to LDAP server failed for the 15 try!
> > [2013/04/19 11:39:22.352522,  0] ipa_sam.c:3689(bind_callback_cleanup)
> >   kerberos error: code=-1765328203, message=Keytab contains no suitable
> > keys for cifs/kdc at IPA.ASENJO.NX
>
> Can you check if
>
> $ hostname
>
> returns the fully qualified hostname, if not, please fix this, call
> ipactl stop and ipactl start and try again.
>
> bye,
> Sumit
>
> >
> >
> > --
> > Groeten,
> > natxo
>
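
An added example, not part of the original messages: a small POSIX shell check for the failure discussed in this thread, where the service asks for a cifs/ principal built from the short hostname and the keytab has no key for it. The sample log line and keytab listing are constructed, and the function names and the keytab path are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Sample inputs below are constructed.

# Log line in the shape quoted above (the list archive renders "@" as " at ").
SAMPLE_LOG='kerberos error: code=-1765328203, message=Keytab contains no suitable keys for cifs/kdc@IPA.ASENJO.NX'

# Constructed `klist -k` style listing; the keytab path is a placeholder.
SAMPLE_KEYTAB='Keytab name: FILE:/path/to/samba.keytab
KVNO Principal
---- ----------------------------------------
   1 cifs/kdc.ipa.asenjo.nx@IPA.ASENJO.NX'

# Principal named in the first "no suitable keys" error found in the log text.
requested_principal() {
    printf '%s\n' "$1" |
        sed -n 's/.*no suitable keys for \([^ ]*@[^ ]*\).*/\1/p' | head -n 1
}

# Host component of a service/host@REALM principal.
principal_host() {
    p=${1#*/}
    printf '%s\n' "${p%@*}"
}

# True when the name contains a dot, i.e. is not a bare short hostname.
is_fqdn() { case $1 in *.*) return 0 ;; *) return 1 ;; esac; }

# True when the keytab listing contains exactly this principal.
keytab_has() {
    printf '%s\n' "$1" | awk -v p="$2" '$2 == p { found = 1 } END { exit !found }'
}

# $1 = log text, $2 = keytab listing, $3 = what `hostname` printed.
diagnose() (
    princ=$(requested_principal "$1")
    [ -n "$princ" ] || { echo "no-keytab-error"; exit 0; }
    if keytab_has "$2" "$princ"; then
        echo "key-present"
    elif ! is_fqdn "$(principal_host "$princ")" && ! is_fqdn "$3"; then
        echo "short-hostname"      # the case in this thread: fix the hostname
    else
        echo "principal-missing"   # hostname is fine; the keytab lacks the key
    fi
)

diagnose "$SAMPLE_LOG" "$SAMPLE_KEYTAB" "kdc"    # prints: short-hostname
```

On a real host the three inputs would be the contents of /var/log/samba/log.wb-IPA, the output of klist -k on the Samba keytab, and the output of hostname.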