[Freeipa-users] Only one AD user can able to login to IPA server
Ben .T.George
bentech4you at gmail.com
Wed Mar 18 05:12:35 UTC 2015
Dear Alex,
I already enabled debugging, and this is what I am getting in error_log while
running: ipa trust-add --type=ad infra.com --admin Administrator --password
[Wed Mar 18 08:10:17.470460 2015] [:error] [pid 15176] ipa: DEBUG: WSGI
wsgi_dispatch.__call__:
[Wed Mar 18 08:10:17.470571 2015] [:error] [pid 15176] ipa: DEBUG: WSGI
jsonserver_session.__call__:
[Wed Mar 18 08:10:17.470821 2015] [:error] [pid 15176] ipa: DEBUG: found
session cookie_id = 15b334c24b28c1e228c1e843efb0bf86
[Wed Mar 18 08:10:17.471493 2015] [:error] [pid 15176] ipa: DEBUG: found
session data in cache with id=15b334c24b28c1e228c1e843efb0bf86
[Wed Mar 18 08:10:17.471613 2015] [:error] [pid 15176] ipa: DEBUG:
jsonserver_session.__call__: session_id=15b334c24b28c1e228c1e843efb0bf86
start_timestamp=2015-03-18T08:06:18 access_timestamp=2015-03-18T08:10:17
expiration_timestamp=2015-03-18T08:26:18
[Wed Mar 18 08:10:17.471698 2015] [:error] [pid 15176] ipa: DEBUG: storing
ccache data into file "/var/run/ipa_memcached/krbcc_15176"
[Wed Mar 18 08:10:17.472404 2015] [:error] [pid 15176] ipa: DEBUG:
get_credential_times:
principal=HTTP/kwtpocpbis01.solaris.local at SOLARIS.LOCAL, authtime=03/17/15
16:04:12, starttime=03/18/15 08:06:17, endtime=03/18/15 16:04:09,
renew_till=01/01/70 03:00:00
[Wed Mar 18 08:10:17.472610 2015] [:error] [pid 15176] ipa: DEBUG:
get_credential_times:
principal=HTTP/kwtpocpbis01.solaris.local at SOLARIS.LOCAL, authtime=03/17/15
16:04:12, starttime=03/18/15 08:06:17, endtime=03/18/15 16:04:09,
renew_till=01/01/70 03:00:00
[Wed Mar 18 08:10:17.472829 2015] [:error] [pid 15176] ipa: DEBUG:
KRB5_CCache FILE:/var/run/ipa_memcached/krbcc_15176 endtime=1426683849
(03/18/15 16:04:09)
[Wed Mar 18 08:10:17.472978 2015] [:error] [pid 15176] ipa: DEBUG:
set_session_expiration_time: duration_type=inactivity_timeout duration=1200
max_age=1426683549 expiration=1426656617.47 (2015-03-18T08:30:17)
[Wed Mar 18 08:10:18.484137 2015] [:error] [pid 15176] ipa: DEBUG: Created
connection context.ldap2
[Wed Mar 18 08:10:18.484255 2015] [:error] [pid 15176] ipa: DEBUG: WSGI
jsonserver.__call__:
[Wed Mar 18 08:10:18.484330 2015] [:error] [pid 15176] ipa: DEBUG: WSGI
WSGIExecutioner.__call__:
[Wed Mar 18 08:10:18.484919 2015] [:error] [pid 15176] ipa: DEBUG: raw:
trust_add(u'infra.com', trust_type=u'ad', realm_admin=u'Administrator',
realm_passwd=u'********', all=False, raw=False, version=u'2.113')
[Wed Mar 18 08:10:18.485210 2015] [:error] [pid 15176] ipa: DEBUG:
trust_add(u'infra.com', trust_type=u'ad', realm_admin=u'Administrator',
realm_passwd=u'********', all=False, raw=False, version=u'2.113')
lpcfg_load: refreshing parameters from /usr/share/ipa/smb.conf.empty
params.c:pm_process() - Processing configuration file
"/usr/share/ipa/smb.conf.empty"
Processing section "[global]"
INFO: Current debug levels:
all: 100
tdb: 100
printdrivers: 100
lanman: 100
smb: 100
rpc_parse: 100
rpc_srv: 100
rpc_cli: 100
passdb: 100
sam: 100
auth: 100
winbind: 100
vfs: 100
idmap: 100
quota: 100
acls: 100
locking: 100
msdfs: 100
dmapi: 100
registry: 100
scavenger: 100
dns: 100
ldb: 100
pm_process() returned Yes
Using binding ncacn_np:kwtpocpbis01.solaris.local[,]
s4_tevent: Added timed event "dcerpc_connect_timeout_handler":
0x7f5a6441f040
s4_tevent: Added timed event "composite_trigger": 0x7f5a6424ed80
s4_tevent: Added timed event "composite_trigger": 0x7f5a644b7f60
s4_tevent: Running timer event 0x7f5a6424ed80 "composite_trigger"
s4_tevent: Destroying timer event 0x7f5a644b7f60 "composite_trigger"
Mapped to DCERPC endpoint \pipe\lsarpc
added interface ens160 ip=172.16.107.244 bcast=172.16.107.255
netmask=255.255.255.0
added interface ens160 ip=172.16.107.244 bcast=172.16.107.255
netmask=255.255.255.0
s4_tevent: Ending timer event 0x7f5a6424ed80 "composite_trigger"
s4_tevent: Added timed event "connect_multi_timer": 0x7f5a64421500
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5a64095f20
s4_tevent: Run immediate event "tevent_req_trigger": 0x7f5a64095f20
s4_tevent: Destroying timer event 0x7f5a64421500 "connect_multi_timer"
Socket options:
SO_KEEPALIVE = 0
SO_REUSEADDR = 0
SO_BROADCAST = 0
TCP_NODELAY = 1
TCP_KEEPCNT = 9
TCP_KEEPIDLE = 7200
TCP_KEEPINTVL = 75
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
SO_REUSEPORT = 0
SO_SNDBUF = 663430
SO_RCVBUF = 261942
SO_SNDLOWAT = 1
SO_RCVLOWAT = 1
SO_SNDTIMEO = 0
SO_RCVTIMEO = 0
TCP_QUICKACK = 1
TCP_DEFER_ACCEPT = 0
s4_tevent: Added timed event "tevent_req_timedout": 0x7f5a6449da70
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7f5a640c4c30
s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7f5a640c4c30
s4_tevent: Destroying timer event 0x7f5a6449da70 "tevent_req_timedout"
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Ticket in credentials cache for admin at SOLARIS.LOCAL will expire in 5885 secs
s4_tevent: Added timed event "tevent_req_timedout": 0x7f5a644a23f0
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7f5a640c4c30
s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7f5a640c4c30
s4_tevent: Destroying timer event 0x7f5a644a23f0 "tevent_req_timedout"
s4_tevent: Destroying timer event 0x7f5a6441f040
"dcerpc_connect_timeout_handler"
Using binding ncacn_np:kwtpocpbis01.solaris.local
s4_tevent: Added timed event "dcerpc_connect_timeout_handler":
0x7f5a64030f60
s4_tevent: Added timed event "composite_trigger": 0x7f5a64360af0
s4_tevent: Added timed event "composite_trigger": 0x7f5a64491b50
s4_tevent: Running timer event 0x7f5a64360af0 "composite_trigger"
s4_tevent: Destroying timer event 0x7f5a64491b50 "composite_trigger"
Mapped to DCERPC endpoint \pipe\lsarpc
added interface ens160 ip=172.16.107.244 bcast=172.16.107.255
netmask=255.255.255.0
added interface ens160 ip=172.16.107.244 bcast=172.16.107.255
netmask=255.255.255.0
s4_tevent: Ending timer event 0x7f5a64360af0 "composite_trigger"
s4_tevent: Added timed event "connect_multi_timer": 0x7f5a640e6a40
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5a6402ae00
s4_tevent: Run immediate event "tevent_req_trigger": 0x7f5a6402ae00
s4_tevent: Destroying timer event 0x7f5a640e6a40 "connect_multi_timer"
Socket options:
SO_KEEPALIVE = 0
SO_REUSEADDR = 0
SO_BROADCAST = 0
TCP_NODELAY = 1
TCP_KEEPCNT = 9
TCP_KEEPIDLE = 7200
TCP_KEEPINTVL = 75
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
SO_REUSEPORT = 0
SO_SNDBUF = 663430
SO_RCVBUF = 261942
SO_SNDLOWAT = 1
SO_RCVLOWAT = 1
SO_SNDTIMEO = 0
SO_RCVTIMEO = 0
TCP_QUICKACK = 1
TCP_DEFER_ACCEPT = 0
s4_tevent: Added timed event "tevent_req_timedout": 0x7f5a644cde60
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7f5a64240aa0
s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7f5a64240aa0
s4_tevent: Destroying timer event 0x7f5a644cde60 "tevent_req_timedout"
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
GSSAPI credentials for admin at SOLARIS.LOCAL will expire in 5885 secs
s4_tevent: Added timed event "tevent_req_timedout": 0x7f5a64093a80
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7f5a64240aa0
s4_tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7f5a64240aa0
s4_tevent: Destroying timer event 0x7f5a64093a80 "tevent_req_timedout"
s4_tevent: Destroying timer event 0x7f5a64030f60
"dcerpc_connect_timeout_handler"
Using binding ncacn_ip_tcp:kwtpocpbis01.solaris.local[,]
s4_tevent: Added timed event "dcerpc_connect_timeout_handler":
0x7f5a64240170
s4_tevent: Added timed event "dcerpc_connect_timeout_handler":
0x7f5a644d29c0
s4_tevent: Added timed event "composite_trigger": 0x7f5a643df470
s4_tevent: Added timed event "composite_trigger": 0x7f5a643fc900
s4_tevent: Running timer event 0x7f5a643df470 "composite_trigger"
s4_tevent: Destroying timer event 0x7f5a643fc900 "composite_trigger"
Mapped to DCERPC endpoint 135
added interface ens160 ip=172.16.107.244 bcast=172.16.107.255
netmask=255.255.255.0
added interface ens160 ip=172.16.107.244 bcast=172.16.107.255
netmask=255.255.255.0
s4_tevent: Ending timer event 0x7f5a643df470 "composite_trigger"
s4_tevent: Added timed event "dcerpc_timeout_handler": 0x7f5a6448b6d0
s4_tevent: Destroying timer event 0x7f5a6448b6d0 "dcerpc_timeout_handler"
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5a645345f0
s4_tevent: Run immediate event "tevent_req_trigger": 0x7f5a645345f0
s4_tevent: Destroying timer event 0x7f5a644d29c0
"dcerpc_connect_timeout_handler"
epm_Map: struct epm_Map
in: struct epm_Map
object : *
object :
00000000-0000-0000-0000-000000000000
map_tower : *
map_tower: struct epm_twr_t
tower_length : 0x0000004b (75)
tower: struct epm_tower
num_floors : 0x0005 (5)
floors: ARRAY(5)
floors: struct epm_floor
lhs: struct epm_lhs
protocol :
EPM_PROTOCOL_UUID (13)
lhs_data : DATA_BLOB
length=18
[0000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB xW4.4... ...#Eg..
[0010] 00 00 ..
rhs : union
epm_rhs(case 13)
uuid: struct epm_rhs_uuid
unknown : DATA_BLOB
length=2
[0000] 00 00 ..
floors: struct epm_floor
lhs: struct epm_lhs
protocol :
EPM_PROTOCOL_UUID (13)
lhs_data : DATA_BLOB
length=18
[0000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H`
[0010] 02 00 ..
rhs : union
epm_rhs(case 13)
uuid: struct epm_rhs_uuid
unknown : DATA_BLOB
length=2
[0000] 00 00 ..
floors: struct epm_floor
lhs: struct epm_lhs
protocol :
EPM_PROTOCOL_NCACN (11)
lhs_data : DATA_BLOB
length=0
rhs : union
epm_rhs(case 11)
ncacn: struct epm_rhs_ncacn
minor_version : 0x0000 (0)
floors: struct epm_floor
lhs: struct epm_lhs
protocol :
EPM_PROTOCOL_TCP (7)
lhs_data : DATA_BLOB
length=0
rhs : union
epm_rhs(case 7)
tcp: struct epm_rhs_tcp
port : 0x0000 (0)
floors: struct epm_floor
lhs: struct epm_lhs
protocol :
EPM_PROTOCOL_IP (9)
lhs_data : DATA_BLOB
length=0
rhs : union
epm_rhs(case 9)
ip: struct epm_rhs_ip
ipaddr : 0.0.0.0
entry_handle : *
entry_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid :
00000000-0000-0000-0000-000000000000
max_towers : 0x00000001 (1)
s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7f5a640d3b10
s4_tevent: Added timed event "dcerpc_timeout_handler": 0x7f5a64437b50
s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7f5a640d3b10
s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7f5a640d3b10
s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7f5a640d3b10
s4_tevent: Destroying timer event 0x7f5a64437b50 "dcerpc_timeout_handler"
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5a64076bc0
s4_tevent: Run immediate event "tevent_req_trigger": 0x7f5a64076bc0
epm_Map: struct epm_Map
out: struct epm_Map
entry_handle : *
entry_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid :
00000000-0000-0000-0000-000000000000
num_towers : *
num_towers : 0x00000001 (1)
towers: ARRAY(1)
towers: struct epm_twr_p_t
twr : *
twr: struct epm_twr_t
tower_length : 0x0000004b (75)
tower: struct epm_tower
num_floors : 0x0005 (5)
floors: ARRAY(5)
floors: struct epm_floor
lhs: struct epm_lhs
protocol :
EPM_PROTOCOL_UUID (13)
lhs_data :
DATA_BLOB length=18
[0000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB xW4.4... ...#Eg..
[0010] 00 00 ..
rhs : union
epm_rhs(case 13)
uuid: struct epm_rhs_uuid
unknown :
DATA_BLOB length=2
[0000] 00 00 ..
floors: struct epm_floor
lhs: struct epm_lhs
protocol :
EPM_PROTOCOL_UUID (13)
lhs_data :
DATA_BLOB length=18
[0000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H`
[0010] 02 00 ..
rhs : union
epm_rhs(case 13)
uuid: struct epm_rhs_uuid
unknown :
DATA_BLOB length=2
[0000] 00 00 ..
floors: struct epm_floor
lhs: struct epm_lhs
protocol :
EPM_PROTOCOL_NCACN (11)
lhs_data :
DATA_BLOB length=0
rhs : union
epm_rhs(case 11)
ncacn: struct epm_rhs_ncacn
minor_version :
0x0000 (0)
floors: struct epm_floor
lhs: struct epm_lhs
protocol :
EPM_PROTOCOL_TCP (7)
lhs_data :
DATA_BLOB length=0
rhs : union
epm_rhs(case 7)
tcp: struct epm_rhs_tcp
port :
0x0400 (1024)
floors: struct epm_floor
lhs: struct epm_lhs
protocol :
EPM_PROTOCOL_IP (9)
lhs_data :
DATA_BLOB length=0
rhs : union
epm_rhs(case 9)
ip: struct epm_rhs_ip
ipaddr :
172.16.107.244
result : 0x00000000 (0)
Mapped to DCERPC endpoint 1024
added interface ens160 ip=172.16.107.244 bcast=172.16.107.255
netmask=255.255.255.0
added interface ens160 ip=172.16.107.244 bcast=172.16.107.255
netmask=255.255.255.0
s4_tevent: Added timed event "dcerpc_timeout_handler": 0x7f5a644d4990
s4_tevent: Destroying timer event 0x7f5a644d4990 "dcerpc_timeout_handler"
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5a64076bc0
s4_tevent: Run immediate event "tevent_req_trigger": 0x7f5a64076bc0
s4_tevent: Destroying timer event 0x7f5a64240170
"dcerpc_connect_timeout_handler"
lsa_OpenPolicy2: struct lsa_OpenPolicy2
in: struct lsa_OpenPolicy2
system_name : *
system_name : ''
attr : *
attr: struct lsa_ObjectAttribute
len : 0x00000000 (0)
root_dir : NULL
object_name : NULL
attributes : 0x00000000 (0)
sec_desc : NULL
sec_qos : *
sec_qos: struct lsa_QosInfo
len : 0x00000000 (0)
impersonation_level : 0x0000 (0)
context_mode : 0x00 (0)
effective_only : 0x00 (0)
access_mask : 0x02000000 (33554432)
0: LSA_POLICY_VIEW_LOCAL_INFORMATION
0: LSA_POLICY_VIEW_AUDIT_INFORMATION
0: LSA_POLICY_GET_PRIVATE_INFORMATION
0: LSA_POLICY_TRUST_ADMIN
0: LSA_POLICY_CREATE_ACCOUNT
0: LSA_POLICY_CREATE_SECRET
0: LSA_POLICY_CREATE_PRIVILEGE
0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS
0: LSA_POLICY_SET_AUDIT_REQUIREMENTS
0: LSA_POLICY_AUDIT_LOG_ADMIN
0: LSA_POLICY_SERVER_ADMIN
0: LSA_POLICY_LOOKUP_NAMES
0: LSA_POLICY_NOTIFICATION
rpc request data:
[0000] 00 00 02 00 01 00 00 00 00 00 00 00 01 00 00 00 ........ ........
[0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[0020] 00 00 00 00 00 00 00 00 04 00 02 00 00 00 00 00 ........ ........
[0030] 00 00 00 00 00 00 00 02 ........
s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7f5a642b3a00
s4_tevent: Added timed event "dcerpc_timeout_handler": 0x7f5a64093810
s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7f5a642b3a00
s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7f5a642b3a00
s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7f5a642b3a00
rpc fault: WERR_ACCESS_DENIED
s4_tevent: Destroying timer event 0x7f5a64093810 "dcerpc_timeout_handler"
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5a64093560
s4_tevent: Run immediate event "tevent_req_trigger": 0x7f5a64093560
[Wed Mar 18 08:10:19.541586 2015] [:error] [pid 15176] ipa: DEBUG: WSGI
wsgi_execute PublicError: Traceback (most recent call last):
[Wed Mar 18 08:10:19.541617 2015] [:error] [pid 15176] File
"/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 349, in
wsgi_execute
[Wed Mar 18 08:10:19.541624 2015] [:error] [pid 15176] result =
self.Command[name](*args, **options)
[Wed Mar 18 08:10:19.541627 2015] [:error] [pid 15176] File
"/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 439, in __call__
[Wed Mar 18 08:10:19.541631 2015] [:error] [pid 15176] ret =
self.run(*args, **options)
[Wed Mar 18 08:10:19.541634 2015] [:error] [pid 15176] File
"/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 754, in run
[Wed Mar 18 08:10:19.541637 2015] [:error] [pid 15176] return
self.execute(*args, **options)
[Wed Mar 18 08:10:19.541640 2015] [:error] [pid 15176] File
"/usr/lib/python2.7/site-packages/ipalib/plugins/trust.py", line 472, in
execute
[Wed Mar 18 08:10:19.541643 2015] [:error] [pid 15176] full_join =
self.validate_options(*keys, **options)
[Wed Mar 18 08:10:19.541646 2015] [:error] [pid 15176] File
"/usr/lib/python2.7/site-packages/ipalib/plugins/trust.py", line 582, in
validate_options
[Wed Mar 18 08:10:19.541650 2015] [:error] [pid 15176]
self.trustinstance = ipaserver.dcerpc.TrustDomainJoins(self.api)
[Wed Mar 18 08:10:19.541656 2015] [:error] [pid 15176] File
"/usr/lib/python2.7/site-packages/ipaserver/dcerpc.py", line 1127, in
__init__
[Wed Mar 18 08:10:19.541660 2015] [:error] [pid 15176]
self.__populate_local_domain()
[Wed Mar 18 08:10:19.541663 2015] [:error] [pid 15176] File
"/usr/lib/python2.7/site-packages/ipaserver/dcerpc.py", line 1136, in
__populate_local_domain
[Wed Mar 18 08:10:19.541666 2015] [:error] [pid 15176]
ld.retrieve(installutils.get_fqdn())
[Wed Mar 18 08:10:19.541669 2015] [:error] [pid 15176] File
"/usr/lib/python2.7/site-packages/ipaserver/dcerpc.py", line 826, in
retrieve
[Wed Mar 18 08:10:19.541672 2015] [:error] [pid 15176] raise
assess_dcerpc_exception(num=num, message=message)
[Wed Mar 18 08:10:19.541675 2015] [:error] [pid 15176] ACIError:
Insufficient access: Gettext('CIFS server denied your credentials',
domain='ipa', localedir=None)
[Wed Mar 18 08:10:19.541678 2015] [:error] [pid 15176]
[Wed Mar 18 08:10:19.541970 2015] [:error] [pid 15176] ipa: INFO:
[jsonserver_session] admin at SOLARIS.LOCAL: trust_add(u'infra.com',
trust_type=u'ad', realm_admin=u'Administrator', realm_passwd=u'********',
all=False, raw=False, version=u'2.113'): ACIError
[Wed Mar 18 08:10:19.542594 2015] [:error] [pid 15176] ipa: DEBUG: reading
ccache data from file "/var/run/ipa_memcached/krbcc_15176"
[Wed Mar 18 08:10:19.542847 2015] [:error] [pid 15176] ipa: DEBUG: store
session: session_id=15b334c24b28c1e228c1e843efb0bf86
start_timestamp=2015-03-18T08:06:18 access_timestamp=2015-03-18T08:10:19
expiration_timestamp=2015-03-18T08:30:17
[Wed Mar 18 08:10:19.545479 2015] [:error] [pid 15176] ipa: DEBUG:
Destroyed connection context.ldap2
On Tue, Mar 17, 2015 at 9:30 PM, Alexander Bokovoy <abokovoy at redhat.com>
wrote:
> On Tue, 17 Mar 2015, Ben .T.George wrote:
>
>> Hi
>>
>> I did kinit
>>
>> [root at kwtpocpbis01 sssd]# kinit -kt /etc/dirsrv/ds.keytab
>> kinit: Keytab contains no suitable keys for
>> host/kwtpocpbis01.solaris.local at SOLARIS.LOCAL while getting initial
>> credentials
>>
>>
>> I destroyed and re-created, but still the same
>>
> What did you destroy?
>
kdestroy was the command I was talking about
>
> Why did you need to touch /etc/dirsrv/ds.keytab at all? It contains the key
> for ldap/kwtpocpbis01.solaris.local at SOLARIS.LOCAL that your LDAP server
> is using. It has nothing to do with your host/... principal.
>
> If your sssd cannot authenticate against AD DC, it means trust is *not*
> working and anything else is fruitless unless you fix it.
>
> Can you follow
> http://www.freeipa.org/page/Active_Directory_trust_setup#Debugging_trust
> and tell what you see in /var/log/httpd/error_log as a result of
> dumping netr_LogonControl2Ex structure?
>
> We went through this a few weeks ago and I'm not seeing what you
> broke.
>
> --
> / Alexander Bokovoy
>
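A triage sketch for the kind of error_log output posted above, added here as an example and not part of the original thread or of FreeIPA: it tracks the current DCE/RPC binding, endpoint and call, and reports where an `rpc fault` occurs and whether the target is the IPA server itself. The function name `triage`, its `local_fqdn` parameter and the abridged sample log are constructed for illustration.

```python
import re

# Constructed sample, abridged from the shape of the Samba/IPA debug output in the post.
SAMPLE_LOG = r"""
[Wed Mar 18 08:10:18.485210 2015] [:error] [pid 15176] ipa: DEBUG: trust_add(u'infra.com', trust_type=u'ad')
Using binding ncacn_np:kwtpocpbis01.solaris.local[,]
Mapped to DCERPC endpoint \pipe\lsarpc
Starting GENSEC mechanism spnego
Using binding ncacn_ip_tcp:kwtpocpbis01.solaris.local[,]
Mapped to DCERPC endpoint 135
epm_Map: struct epm_Map
    in: struct epm_Map
epm_Map: struct epm_Map
    out: struct epm_Map
        result : 0x00000000 (0)
Mapped to DCERPC endpoint 1024
lsa_OpenPolicy2: struct lsa_OpenPolicy2
    in: struct lsa_OpenPolicy2
rpc fault: WERR_ACCESS_DENIED
[Wed Mar 18 08:10:19.541675 2015] [:error] [pid 15176] ACIError: Insufficient access: Gettext('CIFS server denied your credentials', domain='ipa', localedir=None)
"""

BINDING = re.compile(r"^Using binding (ncacn_\w+):([^\[\s]+)")
ENDPOINT = re.compile(r"^Mapped to DCERPC endpoint (\S+)")
CALL = re.compile(r"^(\w+): struct \1$")        # e.g. "lsa_OpenPolicy2: struct lsa_OpenPolicy2"
FAULT = re.compile(r"^rpc fault: (\S+)")
IPA_ERR = re.compile(r"\] (\w+Error): ")        # exception line closing the traceback


def triage(log_text, local_fqdn):
    """Return one finding per 'rpc fault', with the binding and call active at that point."""
    state = {"transport": None, "host": None, "endpoint": None, "call": None}
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := BINDING.match(line):
            # A new binding starts a new connection attempt: reset endpoint and call.
            state.update(transport=m.group(1), host=m.group(2), endpoint=None, call=None)
        elif m := ENDPOINT.match(line):
            state["endpoint"] = m.group(1)
        elif m := CALL.match(line):
            state["call"] = m.group(1)
        elif m := FAULT.match(line):
            local = (state["host"] or "").lower() == local_fqdn.lower()
            findings.append(dict(state, fault=m.group(1), local=local, ipa_error=None))
        elif (m := IPA_ERR.search(line)) and findings and findings[-1]["ipa_error"] is None:
            # Attach the first IPA exception seen after the fault.
            findings[-1]["ipa_error"] = m.group(1)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, "kwtpocpbis01.solaris.local"):
        where = "local IPA server" if f["local"] else "remote server"
        print(f"{f['call']} on {f['transport']}:{f['host']}[{f['endpoint']}] "
              f"({where}) -> {f['fault']} / {f['ipa_error']}")
```

A finding with `local` set means the denial came from the IPA server's own CIFS service, which matches the `__populate_local_domain` frame in the traceback.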