[Freeipa-users] AD trust showing offline after reboot

Sumit Bose sbose at redhat.com
Mon May 19 11:15:29 UTC 2014 

On Mon, May 19, 2014 at 04:29:24PM +0530, Supratik Goswami wrote:
> Hi
> 
> Let me start from the beginning once again. Let me explain you what steps I
> followed during the setup.
> 
> I am setting up the environment in Amazon AWS, both Windows AD server and
> Linux IPA configured in EC2.
> For configuring Windows 2008 I selected
> Windows_Server-2008-R2_SP1-English-64Bit-Base-2014.04.09 (ami-df8e93b6)
> and for configuring IPA server I selected CentOS 6.5 (x86_64) - Release
> Media (ami-8997afe0).
> 
> I followed the steps from
> http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup and also kept the
> domain names
> similar as in the example.
> 
> IPA server hostname: ipaserver
> IPA domain:          ipadomain.example.com
> IPA NetBIOS:         IPADOMAIN
> 
> AD DC hostname:      adserver
> AD domain:           addomain.example.com
> AD NetBIOS:          ADDOMAIN
> 
> 
> 1. Updated the system and install the packages.
> 
> # yum update -y
> # yum install -y "*ipa-server" "*ipa-server-trust-ad"
> samba4-winbind-clients samba4-winbind samba4-client bind bind-dyndb-ldap
> 
> List of important packages installed during the update are as follows.
> 
>  bind                    x86_64  32:9.8.2-0.23.rc1.el6_5.1
>  bind-dyndb-ldap         x86_64  2.3-5.el6
> 
>  ipa-server              x86_64  3.0.0-37.el6
>  ipa-server-trust-ad     x86_64  3.0.0-37.el6
>  ipa-admintools          x86_64  3.0.0-37.el6
>  ipa-client              x86_64  3.0.0-37.el6
>  ipa-pki-ca-theme        noarch  9.0.3-7.el6
>  ipa-pki-common-theme    noarch  9.0.3-7.el6
>  ipa-python              x86_64  3.0.0-37.el6
>  ipa-server-selinux      x86_64  3.0.0-37.el6
> 
>  samba4-client           x86_64  4.0.0-61.el6_5.rc4
>  samba4-winbind          x86_64  4.0.0-61.el6_5.rc4
>  samba4-winbind-clients  x86_64  4.0.0-61.el6_5.rc4
>  samba4                  x86_64  4.0.0-61.el6_5.rc4
>  samba4-common           x86_64  4.0.0-61.el6_5.rc4
>  samba4-libs             x86_64  4.0.0-61.el6_5.rc4
>  samba4-python           x86_64  4.0.0-61.el6_5.rc4

ah, sorry, I this might be a known issue, but I got on a wrong track
because I thought it was working initially and only failed after reboot.

Please try to set "client min protocol" and "client max protocol" in the
samba configuration:

net conf setparm global "client min protocol" smb2_02
net conf setparm global "client max protocol" smb2_02

restart winbind and try again.

HTH

bye,
Sumit

> 
>  389-ds-base             x86_64  1.2.11.15-32.el6_5
>  389-ds-base-libs        x86_64  1.2.11.15-32.el6_5
> 
>  certmonger              x86_64  0.61-3.el6
> 
>  krb5-server             x86_64  1.10.3-15.el6_5.1
>  krb5-workstation        x86_64  1.10.3-15.el6_5.1
> 
>  sssd                    x86_64  1.9.2-129.el6_5.4
>  sssd-client             x86_64  1.9.2-129.el6_5.4
> 
> 
>

More information about the Freeipa-users mailing list