[Freeipa-users] Integrating FreeIPA with ActiveDirectory (Windows 2008 R2)

Traiano Welcome traiano at gmail.com
Wed Sep 10 21:12:14 UTC 2014


Hi List

I've been following the AD integration guide for IPAv3 here:
http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup
However, when I reach the "Add trust with AD domain" step I get the
following error:

---
[root@ipa ~]# ipa trust-add --type=ad mhatest.local --admin Administrator --password
Active directory domain administrator's password:
ipa: ERROR: CIFS server communication error: code "-1073741801",
                  message "Memory allocation error" (both may be "None")
---

... And I'm at a loss for how to interpret this :-) Details on my setup:

- Windows 2008 R2 AD DC
- CentOS Linux 6.5 IPA server (installed from yum repos)

I've attached the output of "ipa trust-add" with the debug flag set. There
is also a summary of the packet conversation between the IPA server and the
AD DC during the run of "ipa trust-add":

---
[root@ipa ~]# tcpdump  host 172.16.107.109 and host 172.16.107.108
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
00:05:28.624337 IP ipa.linux.mhatest.local.48394 > kwthqtstad001.mhatest.local.domain: 0+ A? ipa.linux.mhatest.local. (41)
00:05:28.624857 IP kwthqtstad001.mhatest.local.domain > ipa.linux.mhatest.local.48394: 0 NXDomain* 0/1/0 (121)
00:05:33.594937 ARP, Request who-has ipa.linux.mhatest.local (00:50:56:9c:18:d4 (oui Unknown)) tell kwthqtstad001.mhatest.local, length 46
00:05:33.594952 ARP, Reply ipa.linux.mhatest.local is-at 00:50:56:9c:18:d4 (oui Unknown), length 28
00:06:05.056522 IP ipa.linux.mhatest.local.54679 > kwthqtstad001.mhatest.local.domain: 0+ SRV? _ldap._tcp.linux.mhatest.local. (48)
00:06:05.057022 IP kwthqtstad001.mhatest.local.domain > ipa.linux.mhatest.local.54679: 0* 1/0/0 SRV ipa.linux.mhatest.local.:389 0 100 (91)
00:06:09.599671 ARP, Request who-has ipa.linux.mhatest.local (00:50:56:9c:18:d4 (oui Unknown)) tell kwthqtstad001.mhatest.local, length 46
00:06:09.599686 ARP, Reply ipa.linux.mhatest.local is-at 00:50:56:9c:18:d4 (oui Unknown), length 28
00:06:15.376853 IP ipa.linux.mhatest.local.44400 > kwthqtstad001.mhatest.local.domain: 0+ SRV? _ldap._tcp.linux.mhatest.local. (48)
00:06:15.377319 IP kwthqtstad001.mhatest.local.domain > ipa.linux.mhatest.local.44400: 0* 1/0/0 SRV ipa.linux.mhatest.local.:389 0 100 (91)
00:06:20.375747 ARP, Request who-has kwthqtstad001.mhatest.local tell ipa.linux.mhatest.local, length 28
00:06:20.376025 ARP, Reply kwthqtstad001.mhatest.local is-at 00:15:5d:0a:0d:8b (oui Unknown), length 46
---


Any help on how to fix this and establish the AD trust relationship would
be much appreciated!

Many thanks in advance,
Traiano

The DNS configuration scenario I'm using is:
http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup#If_IPA_is_subdomain_of_AD
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dump1.log
Type: application/octet-stream
Size: 10679 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140911/d3ed4bc5/attachment.obj>