[Freeipa-users] Centos 7 - ipa-server-3.3.3 AD trust trust-fetch-domains and add external group problem

mete bilgin metebilgin48 at gmail.com
Fri Feb 27 12:03:57 UTC 2015


2015-02-27 12:23 GMT+02:00 Alexander Bokovoy <abokovoy at redhat.com>:

> On Fri, 27 Feb 2015, mete bilgin wrote:
>
>> [0000] 85 A6 68 FD 0D BF 20 B8                            ..h... .
>> s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c4e2a90
>> s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c4e2a90
>> s4_tevent: Destroying timer event 0x7fed9c0487b0 "tevent_req_timedout"
>> s4_tevent: Destroying timer event 0x7fed9c044ed0 "dcerpc_timeout_handler"
>> s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c4e2760
>> s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c4e2760
>>     netr_LogonControl2Ex: struct netr_LogonControl2Ex
>>        out: struct netr_LogonControl2Ex
>>            query                    : *
>>                query                    : union netr_CONTROL_QUERY_INFORMATION(case 2)
>>                info2                    : *
>>                    info2: struct netr_NETLOGON_INFO_2
>>                        flags                    : 0x00000080 (128)
>>                               0: NETLOGON_REPLICATION_NEEDED
>>                               0: NETLOGON_REPLICATION_IN_PROGRESS
>>                               0: NETLOGON_FULL_SYNC_REPLICATION
>>                               0: NETLOGON_REDO_NEEDED
>>                               0: NETLOGON_HAS_IP
>>                               0: NETLOGON_HAS_TIMESERV
>>                               0: NETLOGON_DNS_UPDATE_FAILURE
>>                               1: NETLOGON_VERIFY_STATUS_RETURNED
>>                        pdc_connection_status    : WERR_NO_LOGON_SERVERS
>>                        trusted_dc_name          : *
>>                            trusted_dc_name          : ''
>>                        tc_connection_status     : WERR_NO_LOGON_SERVERS
>>            result                   : WERR_OK
>>
> Here is the result -- AD DC was unable to reach IPA DC. Check your
> firewall and DNS records.
>
> For DNS, make sure you can resolve SRV record _ldap._tcp.IPADOMAIN.COM
> from AD DC console.
> http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup#Verify_DNS_configuration
>
> For firewall, see
> http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup#Firewall_configuration
>
>
> --
> / Alexander Bokovoy
>
Hi,

I think get entry for replication server. That's the problem. I remove the
replica on DNS server.

https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=538e023107ed307142ca7302ff34106c53afa932


> _ldap._tcp.ipdomin.com
Server:  UnKnown
Address:  ::1

Non-authoritative answer:
_ldap._tcp.bilyoner.com SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = ipa02.ipadomain.com
_ldap._tcp.bilyoner.com SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = ipa01.domain.com

ipa02.ipadomain.com      internet address = 172.16.50.97
ipa01.ipadomain.com      internet address = 192.168.12.27
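
Added example (not part of the original thread and not FreeIPA code): a small Python check for the DNS verification step suggested above. It parses the text that nslookup prints on the AD DC for an SRV query and lists every SRV target for which the same answer carried no address record. The sample input is constructed; its host names and addresses are placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout Windows nslookup prints for an SRV query;
# names and addresses are placeholders, not values taken from the thread.
SAMPLE = """\
_ldap._tcp.ipa.example.com SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = ipa01.ipa.example.com
_ldap._tcp.ipa.example.com SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = ipa02.ipa.example.com

ipa01.ipa.example.com      internet address = 192.0.2.10
"""

SRV_HEAD = re.compile(r"^(\S+)\s+SRV service location:\s*$")
FIELD = re.compile(r"^\s+(priority|weight|port|svr hostname)\s*=\s*(\S+)\s*$")
ADDR = re.compile(r"^(\S+)\s+(?:internet address|AAAA IPv6 address)\s*=\s*(\S+)\s*$")

def parse_nslookup_srv(text):
    """Return (srv_records, addresses) parsed from nslookup SRV output."""
    records, addresses, current = [], {}, None
    for line in text.splitlines():
        if m := SRV_HEAD.match(line):
            current = {"name": m.group(1).lower()}
            records.append(current)
        elif (m := FIELD.match(line)) and current is not None:
            key, value = m.group(1), m.group(2)
            current[key] = value.lower().rstrip(".") if key == "svr hostname" else int(value)
        elif m := ADDR.match(line):
            addresses.setdefault(m.group(1).lower().rstrip("."), []).append(m.group(2))
            current = None  # address section reached; no SRV record is open
    return records, addresses

def unresolved_targets(text):
    """SRV targets for which the answer carried no address record."""
    records, addresses = parse_nslookup_srv(text)
    return sorted({r["svr hostname"] for r in records
                   if "svr hostname" in r and r["svr hostname"] not in addresses})

if __name__ == "__main__":
    for host in unresolved_targets(SAMPLE):
        print(f"SRV target without address record: {host}")
```

A target listed here is not necessarily unresolvable, because the address section of an SRV answer is optional; it is a name to look up directly from the AD DC before checking the firewall.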