[Freeipa-users] problems with trust with AD (2 different domains
Natxo Asenjo
natxo.asenjo at gmail.com
Fri Apr 19 10:37:30 UTC 2013
I modified /etc/sysconfig/network
HOSTNAME=kdc.ipa.asenjo.nx
rebooted the host. Re-ran
# smbclient -L kdc.ipa.asenjo.nx -klp_load_ex: changing to config backend
registry
Domain=[IPA] OS=[Unix] Server=[Samba 4.0.0rc4]
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (Samba 4.0.0rc4)
Domain=[IPA] OS=[Unix] Server=[Samba 4.0.0rc4]
Tha was ok.
re-ran:
# ipa trust-add --type=ad ad.asenjo.nx --admin Administrator --password
Active directory domain administrator's password:
-----------------------------------------------------
Added Active Directory trust for realm "ad.asenjo.nx"
-----------------------------------------------------
Realm name: ad.asenjo.nx
Domain NetBIOS name: AD
Domain Security Identifier: S-1-5-21-2508008360-1834726910-79835928
Trust direction: Two-way trust
Trust type: Active Directory domain
Trust status: Established and verified
And it is working :-)
Awesome.
Thanks!
--
groet,
natxo
--
Groeten,
natxo
On Fri, Apr 19, 2013 at 12:11 PM, Sumit Bose <sbose at redhat.com> wrote:
> On Fri, Apr 19, 2013 at 11:45:47AM +0200, Natxo Asenjo wrote:
> > I saw there is a log in /var/log/samba/log.wb-IPA
> >
> > The log complains about missing keys for the spn for the hostname (not
> the
> > fqdn, just the hostname):
> >
> > Connection to LDAP server failed for the 15 try!
> > [2013/04/19 11:39:22.352522, 0] ipa_sam.c:3689(bind_callback_cleanup)
> > kerberos error: code=-1765328203, message=Keytab contains no suitable
> > keys for cifs/kdc at IPA.ASENJO.NX
>
> Can you check if
>
> $ hostname
>
> returns the fully qualified hostname, if not, please fix this, call
> ipactl stop and ipactl start and try again.
>
> bye,
> Sumit
>
> >
> >
> > --
> > Groeten,
> > natxo
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130419/d16ece64/attachment.htm>
More information about the Freeipa-users
mailing list