[Freeipa-users] ipa AD trust issue

Dmitri Pal dpal at redhat.com
Fri Jan 17 23:42:15 UTC 2014


On 01/17/2014 06:29 PM, Zulkifal Ahmad wrote:
> Hi List, just wanted to find out if anyone has set up an ipa-AD trust
> successfully. According to the instructions in the following link
> https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/trust-ipa-subdomain.html
> everything went well until I hit the point where I had to check the
> samba configuration, by typing the command
> root@ipaserver# smbclient -L ipaserver.ipaexample.com -k
> smbclient: command not found
> and similar for
> root@ipaserver# wbinfo --online-status
> wbinfo: command not found
>  
> I am pretty sure that the "ipa-trust-install" command did
> install samba4 packages as dependencies; anyways, I thought these
> packages were not necessary and went forward until I got really stuck
> when I typed the command.
> root@ipaserver# ipa trust-add --type=ad adexample.com --admin Administrator --password
> This gave me a very cruel message
> ipa: ERROR: CIFS server communication error: code "-1073741801",
>                   message "Memory allocation error" (both may be "None")
> If it's this bug "https://bugzilla.redhat.com/show_bug.cgi?id=878168"

Yes. The solution is:

If configured, the Active Directory (AD) DNS server returns IPv4 and
IPv6 addresses of an AD server. If the FreeIPA server cannot connect to
the AD server with an IPv6 address, running the ipa trust-add command
will fail even if it would be possible to use IPv4. To work around this
problem, add the IPv4 address of the AD server to the /etc/hosts file.
In this case, the FreeIPA server will use only the IPv4 address and
executing ipa trust-add will be successful.

> has anyone worked it out? Secondly, cifs-utils has a dependency on samba3
> packages and ipa-ad-trust needs samba4, but samba3 and samba4 don't
> like each other, so this is the story of my experience with ipa. Any
> suggestions?

Why do you need cifs-utils on the same server?
cifs-utils is there to make a system a client of an MSFT file server; AFAIU you
can't make an IPA server a cifs client.

SSSD 1.12 (in the works) is going to be capable of working with cifs-utils
instead of samba winbind, thus the limitation will be lifted.


> My ipa server OS: CentOS 6.5
> ipa server version: 3
> Active directory: server 2008 R2 Standard
>  
> Thank you
> Best Regards
> Sahibzada .Z. Ahmad
> System Administrator


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
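
A read-only check for the /etc/hosts workaround described in the reply above, added here as an example and not part of the original message or of FreeIPA. The function names and the host `dc1.adexample.com` are hypothetical, and the nsswitch.conf ordering check is an assumption about the resolver setup that the thread itself does not discuss.

```shell
#!/bin/sh
# Added example; function names are hypothetical and sample hosts are constructed.

# hosts_addrs HOSTS_FILE NAME: print each address the file maps to NAME
# (canonical name or alias, compared case-insensitively).
hosts_addrs() {
    awk -v name="$2" '
        { sub(/#.*/, "") }            # drop comments
        NF < 2 { next }               # blank or address-only line
        { for (i = 2; i <= NF; i++) {
              if (tolower($i) == tolower(name)) { print $1; break }
          } }
    ' "$1"
}

# pin_status HOSTS_FILE NAME: print "unpinned" (no entry, DNS decides),
# "has-ipv6" (an IPv6 entry is still present) or "ipv4-only" (the state
# the workaround asks for).
pin_status() {
    addrs=$(hosts_addrs "$1" "$2")
    if [ -z "$addrs" ]; then
        echo unpinned
    elif printf '%s\n' "$addrs" | grep -q ':'; then
        echo has-ipv6
    else
        echo ipv4-only
    fi
}

# files_before_dns NSSWITCH_FILE: succeed only if the "hosts:" line lists
# "files" ahead of "dns" (assumption: otherwise the hosts entry may not win).
files_before_dns() {
    awk '
        { sub(/#.*/, "") }
        $1 == "hosts:" {
            for (i = 2; i <= NF; i++) {
                if ($i == "files") { ok = 1; exit }
                if ($i == "dns") { exit }
            }
        }
        END { exit (ok ? 0 : 1) }
    ' "$1"
}

# Run as: sh check_pin.sh dc1.adexample.com   (constructed AD server name)
if [ $# -eq 1 ]; then
    files_before_dns /etc/nsswitch.conf || echo "warning: files is not before dns" >&2
    pin_status /etc/hosts "$1"
fi
```

Anything other than `ipv4-only` for the AD server's name means the resolver can still hand an IPv6 address to `ipa trust-add`.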

