[Freeipa-users] Centos 7 - ipa-server-3.3.3 AD trust trust-fetch-domains and add external group problem

Alexander Bokovoy abokovoy at redhat.com
Fri Feb 27 09:36:02 UTC 2015


On Fri, 27 Feb 2015, mete bilgin wrote:
>2015-02-27 11:05 GMT+02:00 Martin Kosek <mkosek at redhat.com>:
>
>> On 02/27/2015 10:01 AM, mete bilgin wrote:
>>
>>>
>>> 2015-02-27 10:45 GMT+02:00 Martin Kosek <mkosek at redhat.com>:
>>>
>>>     On 02/27/2015 09:39 AM, mete bilgin wrote:
>>>
>>>
>>>
>>>         2015-02-27 10:33 GMT+02:00 Martin Kosek <mkosek at redhat.com>:
>>>
>>>              On 02/27/2015 09:30 AM, mete bilgin wrote:
>>>
>>>                  Hello,
>>>
>>>                  I'm trying to install ipa-server with trust (Win 2008R2).
>>>                  trustdomain-find will work but when I try to
>>>                  trust-fetch-domains "ipa: ERROR: AD domain controller
>>>                  complains about communication sequence. It may mean
>>>                  unsynchronized time on both sides, for example" return.
>>>                  Force to reinstall adtrust. Have any idea where is
>>>                  the problem?
>>>
>>>
>>>              You've probably done that, but did you indeed verify that the
>>>              time on both your IPA server and AD are the same?
>>>
>>>         http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup#Date.2Ftime_settings
>>>
>>>              Martin
>>>
>>>         Yes I did that.
>>>         [root at ipa01 log]# ntpdate -u
>>>         27 Feb 10:37:00 ntpdate[11281]: adjust time server 192.168.12.239 offset -0.016979 sec
>>>
>>>         By the way,
>>>         #wbinfo --online-status
>>>
>>>         BUILTIN : online
>>>         ipadomain: online
>>>         addomain : offline
>>>
>>>
>>>     Right. Did you also check the actual AD? Especially when AD is in a
>>>     VM, or if for example its time zone is wrong, the UTC time may not match.
>>>
>>>     Martin
>>>
>>> On AD time zone (UTC+02:00) Istanbul and the same time with ipa server.
>>>
>>>
>> Ok, thanks. It was worth a try. If this is the case, I think you will
>> simply need to follow our guide for debugging Trusts and send us the logs:
>>
>> http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup#Debugging_trust
>>
>> Thanks,
>> Martin
>>
>
>Hi,
>
>I open debug and try to understand but I can not :( Here are the logs.
>
>Thanks a lot.
>
>
>Error_log
>
>[Fri Feb 27 11:08:48.740996 2015] [:error] [pid 5367] ipa: INFO:
>admin at IPDOMAIN.COM: ping(version=u'2.51'): SUCCESS
>lpcfg_load: refreshing parameters from /usr/share/ipa/smb.conf.empty
>params.c:pm_process() - Processing configuration file
>"/usr/share/ipa/smb.conf.empty"
>Processing section "[global]"
>INFO: Current debug levels:
>  all: 100
>  tdb: 100
>  printdrivers: 100
>  lanman: 100
>  smb: 100
>  rpc_parse: 100
>  rpc_srv: 100
>  rpc_cli: 100
>  passdb: 100
>  sam: 100
>  auth: 100
>  winbind: 100
>  vfs: 100
>  idmap: 100
>  quota: 100
>  acls: 100
>  locking: 100
>  msdfs: 100
>  dmapi: 100
>  registry: 100
>  scavenger: 100
>  dns: 100
>  ldb: 100
>pm_process() returned Yes
>Using binding ncacn_np:ipa01.IPDOMAIN.com[,]
>s4_tevent: Added timed event "dcerpc_connect_timeout_handler":
>0x7fed9c334520
>s4_tevent: Added timed event "composite_trigger": 0x7fed9c3ec530
>s4_tevent: Added timed event "composite_trigger": 0x7fed9c2f6310
>s4_tevent: Running timer event 0x7fed9c3ec530 "composite_trigger"
>s4_tevent: Destroying timer event 0x7fed9c2f6310 "composite_trigger"
>Mapped to DCERPC endpoint \pipe\lsarpc
>added interface docker0 ip=172.17.42.1 bcast=172.17.255.255
>netmask=255.255.0.0
>added interface ens192 ip=192.168.12.27 bcast=192.168.12.255
>netmask=255.255.255.0
>added interface docker0 ip=172.17.42.1 bcast=172.17.255.255
>netmask=255.255.0.0
>added interface ens192 ip=192.168.12.27 bcast=192.168.12.255
>netmask=255.255.255.0
>s4_tevent: Ending timer event 0x7fed9c3ec530 "composite_trigger"
>s4_tevent: Added timed event "connect_multi_timer": 0x7fed9c4cb560
>s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c4cb0b0
>s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c4cb0b0
>s4_tevent: Destroying timer event 0x7fed9c4cb560 "connect_multi_timer"
>Socket options:
>        SO_KEEPALIVE = 0
>        SO_REUSEADDR = 0
>        SO_BROADCAST = 0
>        TCP_NODELAY = 1
>        TCP_KEEPCNT = 9
>        TCP_KEEPIDLE = 7200
>        TCP_KEEPINTVL = 75
>        IPTOS_LOWDELAY = 0
>        IPTOS_THROUGHPUT = 0
>        SO_REUSEPORT = 0
>        SO_SNDBUF = 663430
>        SO_RCVBUF = 261942
>        SO_SNDLOWAT = 1
>        SO_RCVLOWAT = 1
>        SO_SNDTIMEO = 0
>        SO_RCVTIMEO = 0
>        TCP_QUICKACK = 1
>        TCP_DEFER_ACCEPT = 0
>s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c4caa80
>s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
>0x7fed9c4cb560
>s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
>0x7fed9c4cb560
>s4_tevent: Destroying timer event 0x7fed9c4caa80 "tevent_req_timedout"
>Starting GENSEC mechanism spnego
>Starting GENSEC submechanism gssapi_krb5
>Ticket in credentials cache for @IPDOMAIN will expire in 80256 secs
>s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c4d0960
>s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
>0x7fed9c4cb560
>s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
>0x7fed9c4cb560
>s4_tevent: Destroying timer event 0x7fed9c4d0960 "tevent_req_timedout"
>gensec_gssapi: NO credentials were delegated
>GSSAPI Connection will be cryptographically sealed
>s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c4d0360
>s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
>0x7fed9c4cb560
>s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
>0x7fed9c4cb560
>s4_tevent: Destroying timer event 0x7fed9c4d0360 "tevent_req_timedout"
>s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c4cf550
>s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
>0x7fed9c4cb560
>s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
>0x7fed9c4cb560
>s4_tevent: Destroying timer event 0x7fed9c4cf550 "tevent_req_timedout"
>num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0,
>data_total=72, this_data=72, max_data=65535, param_offset=84, param_pad=2,
>param_disp=0, data_offset=84, data_pad=0, data_disp=0
>s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c4d9a30
>s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
>0x7fed9c4cb560
>s4_tevent: Added timed event "dcerpc_timeout_handler": 0x7fed9c4d9df0
>s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
>0x7fed9c4cb560
>s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c4d9640
>s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c4d9640
>s4_tevent: Destroying timer event 0x7fed9c4d9a30 "tevent_req_timedout"
>s4_tevent: Destroying timer event 0x7fed9c4d9df0 "dcerpc_timeout_handler"
>s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c3ec8a0
>s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c3ec8a0
>s4_tevent: Destroying timer event 0x7fed9c334520
>"dcerpc_connect_timeout_handler"
>     lsa_OpenPolicy2: struct lsa_OpenPolicy2
>        in: struct lsa_OpenPolicy2
>            system_name              : *
>                system_name              : ''
>            attr                     : *
>                attr: struct lsa_ObjectAttribute
>                    len                      : 0x00000000 (0)
>                    root_dir                 : NULL
>                    object_name              : NULL
>                    attributes               : 0x00000000 (0)
>                    sec_desc                 : NULL
>                    sec_qos                  : *
>                        sec_qos: struct lsa_QosInfo
>                            len                      : 0x00000000 (0)
>                            impersonation_level      : 0x0000 (0)
>                            context_mode             : 0x00 (0)
>                            effective_only           : 0x00 (0)
>            access_mask              : 0x02000000 (33554432)
>                   0: LSA_POLICY_VIEW_LOCAL_INFORMATION
>                   0: LSA_POLICY_VIEW_AUDIT_INFORMATION
>                   0: LSA_POLICY_GET_PRIVATE_INFORMATION
>                   0: LSA_POLICY_TRUST_ADMIN
>                   0: LSA_POLICY_CREATE_ACCOUNT
>                   0: LSA_POLICY_CREATE_SECRET
>                   0: LSA_POLICY_CREATE_PRIVILEGE
>                   0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS
>                   0: LSA_POLICY_SET_AUDIT_REQUIREMENTS
>                   0: LSA_POLICY_AUDIT_LOG_ADMIN
>                   0: LSA_POLICY_SERVER_ADMIN
>                   0: LSA_POLICY_LOOKUP_NAMES
>                   0: LSA_POLICY_NOTIFICATION
>rpc request data:
>[0000] 00 00 02 00 01 00 00 00   00 00 00 00 01 00 00 00   ........ ........
>[0010] 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........ ........
>[0020] 00 00 00 00 00 00 00 00   04 00 02 00 00 00 00 00   ........ ........
>[0030] 00 00 00 00 00 00 00 02                            ........
>s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7fed9c2f22c0
>s4_tevent: Added timed event "dcerpc_timeout_handler": 0x7fed9c4d0be0
>s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7fed9c2f22c0
>s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7fed9c2f22c0
>num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0,
>data_total=80, this_data=80, max_data=4280, param_offset=84, param_pad=2,
>param_disp=0, data_offset=84, data_pad=0, data_disp=0
>s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c4d9d00
>s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
>0x7fed9c4cb560
>s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7fed9c2f22c0
>s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
>0x7fed9c4cb560
>s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c4d9910
>s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c4d9910
>s4_tevent: Destroying timer event 0x7fed9c4d9d00 "tevent_req_timedout"
>s4_tevent: Destroying timer event 0x7fed9c4d0be0 "dcerpc_timeout_handler"
>s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c3ec8a0
>s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c3ec8a0
>     lsa_OpenPolicy2: struct lsa_OpenPolicy2
>        out: struct lsa_OpenPolicy2
>            handle                   : *
>                handle: struct policy_handle
>                    handle_type              : 0x00000000 (0)
>                    uuid                     :
>00000014-0000-0000-f054-20348a2a0000
>            result                   : NT_STATUS_OK
>rpc reply data:
>[0000] 00 00 00 00 14 00 00 00   00 00 00 00 F0 54 20 34   ........ .....T 4
>[0010] 8A 2A 00 00 00 00 00 00                            .*......
>     lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2
>        in: struct lsa_QueryInfoPolicy2
>            handle                   : *
>                handle: struct policy_handle
>                    handle_type              : 0x00000000 (0)
>                    uuid                     :
>00000014-0000-0000-f054-20348a2a0000
>            level                    : LSA_POLICY_INFO_DNS (12)
>rpc request data:
>[0000] 00 00 00 00 14 00 00 00   00 00 00 00 F0 54 20 34   ........ .....T 4
>[0010] 8A 2A 00 00 0C 00                                 .*....
>s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7fed9c2f22c0
>s4_tevent: Added timed event "dcerpc_timeout_handler": 0x7fed9c3ec350
>s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7fed9c2f22c0
>s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7fed9c2f22c0
>num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0,
>data_total=46, this_data=46, max_data=4280, param_offset=84, param_pad=2,
>param_disp=0, data_offset=84, data_pad=0, data_disp=0
>s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c4d9ec0
>s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
>0x7fed9c4cb560
>s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7fed9c2f22c0
>s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
>0x7fed9c4cb560
>s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c4d9af0
>s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c4d9af0
>s4_tevent: Destroying timer event 0x7fed9c4d9ec0 "tevent_req_timedout"
>s4_tevent: Destroying timer event 0x7fed9c3ec350 "dcerpc_timeout_handler"
>s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c4d0ad0
>s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c4d0ad0
>     lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2
>        out: struct lsa_QueryInfoPolicy2
>            info                     : *
>                info                     : *
>                    info                     : union
>lsa_PolicyInformation(case 12)
>                    dns: struct lsa_DnsDomainInfo
>                        name: struct lsa_StringLarge
>                            length                   : 0x0010 (16)
>                            size                     : 0x0012 (18)
>                            string                   : *
>                                string                   : 'IPDOMAIN'
>                        dns_domain: struct lsa_StringLarge
>                            length                   : 0x0018 (24)
>                            size                     : 0x001a (26)
>                            string                   : *
>                                string                   : 'IPDOMAIN.com'
>                        dns_forest: struct lsa_StringLarge
>                            length                   : 0x0018 (24)
>                            size                     : 0x001a (26)
>                            string                   : *
>                                string                   : 'IPDOMAIN.com'
>                        domain_guid              :
>00000015-e851-c207-0dd0-a20419e2e2c7
>                        sid                      : *
>                            sid                      :
>S-1-5-21-3255298129-77778957-3353535001
>            result                   : NT_STATUS_OK
>     lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2
>        in: struct lsa_QueryInfoPolicy2
>            handle                   : *
>                handle: struct policy_handle
>                    handle_type              : 0x00000000 (0)
>                    uuid                     :
>00000014-0000-0000-f054-20348a2a0000
>            level                    : LSA_POLICY_INFO_ROLE (6)
>rpc request data:
>[0000] 00 00 00 00 14 00 00 00   00 00 00 00 F0 54 20 34   ........ .....T 4
>[0010] 8A 2A 00 00 06 00                                 .*....
>s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7fed9c2f22c0
>s4_tevent: Added timed event "dcerpc_timeout_handler": 0x7fed9c4d0f90
>s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7fed9c2f22c0
>s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7fed9c2f22c0
>num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0,
>data_total=46, this_data=46, max_data=4280, param_offset=84, param_pad=2,
>param_disp=0, data_offset=84, data_pad=0, data_disp=0
>s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c4da450
>s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
>0x7fed9c4cb560
>s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7fed9c2f22c0
>s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
>0x7fed9c4cb560
>s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c4d9fe0
>s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c4d9fe0
>s4_tevent: Destroying timer event 0x7fed9c4da450 "tevent_req_timedout"
>s4_tevent: Destroying timer event 0x7fed9c4d0f90 "dcerpc_timeout_handler"
>s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c3ec3e0
>s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c3ec3e0
>     lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2
>        out: struct lsa_QueryInfoPolicy2
>            info                     : *
>                info                     : *
>                    info                     : union
>lsa_PolicyInformation(case 6)
>                    role: struct lsa_ServerRole
>                        role                     : LSA_ROLE_PRIMARY (3)
>            result                   : NT_STATUS_OK
>rpc reply data:
>[0000] 00 00 02 00 06 00 00 00   03 00 00 00 00 00 00 00   ........ ........
>lpcfg_load: refreshing parameters from /usr/share/ipa/smb.conf.empty
>params.c:pm_process() - Processing configuration file
>"/usr/share/ipa/smb.conf.empty"
>Processing section "[global]"
>INFO: Current debug levels:
>  all: 100
>  tdb: 100
>  printdrivers: 100
>  lanman: 100
>  smb: 100
>  rpc_parse: 100
>  rpc_srv: 100
>  rpc_cli: 100
>  passdb: 100
>  sam: 100
>  auth: 100
>  winbind: 100
>  vfs: 100
>  idmap: 100
>  quota: 100
>  acls: 100
>  locking: 100
>  msdfs: 100
>  dmapi: 100
>  registry: 100
>  scavenger: 100
>  dns: 100
>  ldb: 100
>pm_process() returned Yes
>added interface docker0 ip=172.17.42.1 bcast=172.17.255.255
>netmask=255.255.0.0
>added interface ens192 ip=192.168.12.27 bcast=192.168.12.255
>netmask=255.255.255.0
>added interface docker0 ip=172.17.42.1 bcast=172.17.255.255
>netmask=255.255.0.0
>added interface ens192 ip=192.168.12.27 bcast=192.168.12.255
>netmask=255.255.255.0
>added interface docker0 ip=172.17.42.1 bcast=172.17.255.255
>netmask=255.255.0.0
>added interface ens192 ip=192.168.12.27 bcast=192.168.12.255
>netmask=255.255.255.0
>added interface docker0 ip=172.17.42.1 bcast=172.17.255.255
>netmask=255.255.0.0
>added interface ens192 ip=192.168.12.27 bcast=192.168.12.255
>netmask=255.255.255.0
>finddcs: searching for a DC by DNS domain addomain.com
>finddcs: looking for SRV records for _ldap._tcp.addomain.com
>ads_dns_lookup_srv: 3 records returned in the answer section.
>ads_dns_parse_rr_srv: Parsed ad.addomain.com [0, 100, 389]
>ads_dns_parse_rr_srv: Parsed kratos.addomain.com [0, 100, 389]
>ads_dns_parse_rr_srv: Parsed beatrice.addomain.com [0, 100, 389]
>Addrs = 192.168.12.236 at 389/ad,172.16.50.70 at 389/kratos,192.168.12.239 at 389
>/beatrice
>finddcs: DNS SRV response 0 at '192.168.12.236'
>finddcs: DNS SRV response 1 at '172.16.50.70'
>finddcs: DNS SRV response 2 at '192.168.12.239'
>finddcs: performing CLDAP query on 192.168.12.236
>s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c4d6230
>s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c4d66e0
>s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c4d66e0
>s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c4d69b0
>s4_tevent: Destroying timer event 0x7fed9c4d69b0 "tevent_req_timedout"
>s4_tevent: Destroying timer event 0x7fed9c4d6230 "tevent_req_timedout"
>     &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX
>        command                  : LOGON_SAM_LOGON_RESPONSE_EX (23)
>        sbz                      : 0x0000 (0)
>        server_type              : 0x000031fd (12797)
>               1: NBT_SERVER_PDC
>               1: NBT_SERVER_GC
>               1: NBT_SERVER_LDAP
>               1: NBT_SERVER_DS
>               1: NBT_SERVER_KDC
>               1: NBT_SERVER_TIMESERV
>               1: NBT_SERVER_CLOSEST
>               1: NBT_SERVER_WRITABLE
>               0: NBT_SERVER_GOOD_TIMESERV
>               0: NBT_SERVER_NDNC
>               0: NBT_SERVER_SELECT_SECRET_DOMAIN_6
>               1: NBT_SERVER_FULL_SECRET_DOMAIN_6
>               1: NBT_SERVER_ADS_WEB_SERVICE
>               0: NBT_SERVER_HAS_DNS_NAME
>               0: NBT_SERVER_IS_DEFAULT_NC
>               0: NBT_SERVER_FOREST_ROOT
>        domain_uuid              : 6aac190b-04eb-464f-bdcc-b07e27e2d1e5
>        forest                   : 'addomain.com'
>        dns_domain               : 'addomain.com'
>        pdc_dns_name             : 'ad.addomain.com'
>        domain_name              : 'LIBERO'
>        pdc_name                 : 'ad'
>        user_name                : ''
>        server_site              : 'Default-First-Site-Name'
>        client_site              : 'Default-First-Site-Name'
>        sockaddr_size            : 0x00 (0)
>        sockaddr: struct nbt_sockaddr
>            sockaddr_family          : 0x00000000 (0)
>            pdc_ip                   : (null)
>            remaining                : DATA_BLOB length=0
>        next_closest_site        : NULL
>        nt_version               : 0x00000005 (5)
>               1: NETLOGON_NT_VERSION_1
>               0: NETLOGON_NT_VERSION_5
>               1: NETLOGON_NT_VERSION_5EX
>               0: NETLOGON_NT_VERSION_5EX_WITH_IP
>               0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE
>               0: NETLOGON_NT_VERSION_AVOID_NT4EMUL
>               0: NETLOGON_NT_VERSION_PDC
>               0: NETLOGON_NT_VERSION_IP
>               0: NETLOGON_NT_VERSION_LOCAL
>               0: NETLOGON_NT_VERSION_GC
>        lmnt_token               : 0xffff (65535)
>        lm20_token               : 0xffff (65535)
>finddcs: Found matching DC 192.168.12.236 with server_type=0x000031fd
>Using binding ncacn_np:ad.addomain.com[,]
>s4_tevent: Added timed event "dcerpc_connect_timeout_handler":
>0x7fed9c4d4b90
>s4_tevent: Added timed event "composite_trigger": 0x7fed9c4d5180
>s4_tevent: Added timed event "composite_trigger": 0x7fed9c4d54b0
>s4_tevent: Running timer event 0x7fed9c4d5180 "composite_trigger"
>s4_tevent: Destroying timer event 0x7fed9c4d54b0 "composite_trigger"
>Mapped to DCERPC endpoint \pipe\lsarpc
>added interface docker0 ip=172.17.42.1 bcast=172.17.255.255
>netmask=255.255.0.0
>added interface ens192 ip=192.168.12.27 bcast=192.168.12.255
>netmask=255.255.255.0
>added interface docker0 ip=172.17.42.1 bcast=172.17.255.255
>netmask=255.255.0.0
>added interface ens192 ip=192.168.12.27 bcast=192.168.12.255
>netmask=255.255.255.0
>s4_tevent: Ending timer event 0x7fed9c4d5180 "composite_trigger"
>s4_tevent: Added timed event "connect_multi_timer": 0x7fed9c4d8b90
>s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c4d5180
>s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c4d5180
>s4_tevent: Destroying timer event 0x7fed9c4d8b90 "connect_multi_timer"
>Socket options:
>        SO_KEEPALIVE = 0
>        SO_REUSEADDR = 0
>        SO_BROADCAST = 0
>        TCP_NODELAY = 1
>        TCP_KEEPCNT = 9
>        TCP_KEEPIDLE = 7200
>        TCP_KEEPINTVL = 75
>        IPTOS_LOWDELAY = 0
>        IPTOS_THROUGHPUT = 0
>        SO_REUSEPORT = 0
>        SO_SNDBUF = 23080
>        SO_RCVBUF = 87380
>        SO_SNDLOWAT = 1
>        SO_RCVLOWAT = 1
>        SO_SNDTIMEO = 0
>        SO_RCVTIMEO = 0
>        TCP_QUICKACK = 1
>        TCP_DEFER_ACCEPT = 0
>s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c4dbfe0
>s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
>0x7fed9c4d8b90
>s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
>0x7fed9c4d8b90
>s4_tevent: Destroying timer event 0x7fed9c4dbfe0 "tevent_req_timedout"
>Starting GENSEC mechanism spnego
>Starting GENSEC submechanism gssapi_krb5
>Ticket in credentials cache for @IPDOMAIN will expire in 86400 secs
>GSS client Update(krb5)(1) Update failed: Unspecified GSS failure.  Minor
>code may provide more information: KDC policy rejects request
This means your trust is not working. How did you establish the trust?
Show exact commands.

"KDC policy rejects request" means AD DC was unable to complete trust
validation. Usually it means it was unable to talk back to IPA master
which it discovers via SRV records over DNS.
-- 
/ Alexander Bokovoy
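
Added example (not part of the original thread, and not FreeIPA or Samba code): a small Python triage helper that strips the mail quoting from a Samba debug log like the one above, lists the SRV targets `finddcs` parsed, and ties each GSS-API failure to the RPC binding it occurred on. The sample log is constructed from lines in the post; the function names and the hint table are assumptions of this example.

```python
import re

# Constructed sample in the shape of the quoted Samba debug log above,
# including the mail '>' quoting and the hard wrap in the GSS error line.
SAMPLE_LOG = """\
>Using binding ncacn_np:ipa01.IPDOMAIN.com[,]
>Starting GENSEC submechanism gssapi_krb5
>GSSAPI Connection will be cryptographically sealed
>finddcs: looking for SRV records for _ldap._tcp.addomain.com
>ads_dns_parse_rr_srv: Parsed ad.addomain.com [0, 100, 389]
>ads_dns_parse_rr_srv: Parsed kratos.addomain.com [0, 100, 389]
>s4_tevent: Added timed event "tevent_req_timedout": 0x7fed9c4d6230
>finddcs: Found matching DC 192.168.12.236 with server_type=0x000031fd
>Using binding ncacn_np:ad.addomain.com[,]
>Starting GENSEC submechanism gssapi_krb5
>GSS client Update(krb5)(1) Update failed: Unspecified GSS failure.  Minor
>code may provide more information: KDC policy rejects request
"""

SRV_RE = re.compile(r"ads_dns_parse_rr_srv: Parsed (\S+) \[(\d+), (\d+), (\d+)\]")
BINDING_RE = re.compile(r"Using binding ncacn_np:([^\[\s]+)\[")
# \s+ between words tolerates the line wraps that mail clients insert.
GSS_FAIL_RE = re.compile(
    r"Update failed:.*?Minor\s+code\s+may\s+provide\s+more\s+information:"
    r"\s*([^\n]+)", re.S)

# Hint text paraphrases the reply in this thread; the table itself is
# an assumption of this example, not something Samba or FreeIPA ships.
HINTS = {
    "KDC policy rejects request":
        "AD DC could not complete trust validation; usually it could not "
        "talk back to the IPA master it discovers via SRV records in DNS.",
}


def strip_quoting(text):
    """Remove mail-reply '>' markers so the log reads as Samba wrote it."""
    return re.sub(r"(?m)^(?:>[ \t]?)+", "", text)


def triage(raw):
    """Return the SRV targets seen and each GSS failure with its RPC peer."""
    log = strip_quoting(raw)
    srv_targets = [(m.group(1), int(m.group(4))) for m in SRV_RE.finditer(log)]
    bindings = [(m.start(), m.group(1)) for m in BINDING_RE.finditer(log)]
    failures = []
    for m in GSS_FAIL_RE.finditer(log):
        # The failing peer is the last RPC binding opened before the error.
        peer = next((h for pos, h in reversed(bindings) if pos < m.start()), None)
        minor = " ".join(m.group(1).split())
        failures.append({"peer": peer, "minor": minor, "hint": HINTS.get(minor)})
    return {"srv_targets": srv_targets, "failures": failures}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for host, port in report["srv_targets"]:
        print(f"SRV target: {host}:{port}")
    for f in report["failures"]:
        print(f"GSS failure talking to {f['peer']}: {f['minor']}")
        if f["hint"]:
            print(f"  hint: {f['hint']}")
```
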



