[Freeipa-users] Centos 7 - ipa-server-3.3.3 AD trust trust-fetch-domains and add external group problem
mete bilgin
metebilgin48 at gmail.com
Fri Feb 27 12:03:57 UTC 2015
2015-02-27 12:23 GMT+02:00 Alexander Bokovoy <abokovoy at redhat.com>:
> On Fri, 27 Feb 2015, mete bilgin wrote:
>
>> [0000] 85 A6 68 FD 0D BF 20 B8 ..h... .
>> s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c4e2a90
>> s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c4e2a90
>> s4_tevent: Destroying timer event 0x7fed9c0487b0 "tevent_req_timedout"
>> s4_tevent: Destroying timer event 0x7fed9c044ed0 "dcerpc_timeout_handler"
>> s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c4e2760
>> s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c4e2760
>> netr_LogonControl2Ex: struct netr_LogonControl2Ex
>> out: struct netr_LogonControl2Ex
>> query : *
>> query : union
>> netr_CONTROL_QUERY_INFORMATION(case 2)
>> info2 : *
>> info2: struct netr_NETLOGON_INFO_2
>> flags : 0x00000080 (128)
>> 0: NETLOGON_REPLICATION_NEEDED
>> 0: NETLOGON_REPLICATION_IN_PROGRESS
>> 0: NETLOGON_FULL_SYNC_REPLICATION
>> 0: NETLOGON_REDO_NEEDED
>> 0: NETLOGON_HAS_IP
>> 0: NETLOGON_HAS_TIMESERV
>> 0: NETLOGON_DNS_UPDATE_FAILURE
>> 1: NETLOGON_VERIFY_STATUS_RETURNED
>> pdc_connection_status : WERR_NO_LOGON_SERVERS
>> trusted_dc_name : *
>> trusted_dc_name : ''
>> tc_connection_status : WERR_NO_LOGON_SERVERS
>> result : WERR_OK
>>
> Here is the result -- AD DC was unable to reach IPA DC. Check your
> firewall and DNS records.
>
> For DNS, make sure you can resolve SRV record _ldap._tcp.IPADOMAIN.COM
> from AD DC console.
> http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup#Verify_DNS_configuration
>
> For firewall, see
> http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup#Firewall_configuration
>
>
> --
> / Alexander Bokovoy
>
Hi,
I think it gets the entry for the replication server. That's the problem. I remove the
replica on the DNS server.
https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=538e023107ed307142ca7302ff34106c53afa932
> _ldap._tcp.ipdomin.com
Server: UnKnown
Address: ::1
Non-authoritative answer:
_ldap._tcp.bilyoner.com SRV service location:
priority = 0
weight = 100
port = 389
svr hostname = ipa02.ipadomain.com
_ldap._tcp.bilyoner.com SRV service location:
priority = 0
weight = 100
port = 389
svr hostname = ipa01.domain.com
ipa02.ipadomain.com internet address = 172.16.50.97
ipa01.ipadomain.com internet address = 192.168.12.27