[Freeipa-users] Help: Rebooted IPA server and AD Trust shows offline

Fri Jun 27 18:57:25 UTC 2014

Hi,

Probably there are better ways to solve this issue but the way that works for me is to validate the trust from the AD side after a reboot of the IPA Server - it always shows as offline for me too. On 2012 Server you can do this through Active Directory Domains and Trusts - properties on your domain and go to trust tab - properties again. Next you press validate on the General tab. AD will ask for authentication but that can be skipped.
AD Trust will be back online right away and you can check it through wbinfo --online-status.

Probably the procedure are similar on Server 2008.

Johan
________________________________
From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of Mark Gardner [maleko42 at gmail.com]
Sent: Friday, June 27, 2014 20:23
To: freeipa-users
Subject: [Freeipa-users] Help: Rebooted IPA server and AD Trust shows offline

Was trying to add an external ad group to IPA, it kept failing with unable to connect to server.

Figured I'd reboot to clear things up.  Oops.

Now wbinfo --online-status shows are AD as offline.
wbinfo -u shows blank

wbinfo -n 'DOMAIN\user' gives the following message:

failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND
could not lookup 'Domain\user'

I saw a similar post in the freeipa-users archive about adding
        client min protocol = CORE
        client max protocol = SMB2_02
to the samba config; restarted winbind and still getting errors

FreeIPA 3.0
Windows 2008 R2.

This e-mail is private and confidential between the sender and the addressee.
In the event of misdirection, the recipient is prohibited from using, copying or disseminating it or any information in it. Please notify the above if any misdirection.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140627/1714d49c/attachment.htm>