[Freeipa-users] multi homed environment

Andy Thompson Andy.Thompson at e-tcc.com
Fri May 8 13:15:56 UTC 2015 

> -----Original Message-----
> From: Alexander Bokovoy [mailto:abokovoy at redhat.com]
> Sent: Friday, May 8, 2015 8:17 AM
> To: Andy Thompson
> Cc: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] multi homed environment
> 
> On Fri, 08 May 2015, Andy Thompson wrote:
> >I'm trying to roll out IPA in an existing windows environment where
> >everything is multi homed.  I did not put my IPA server on all the
> >subnets.
> >
> >I'm having an issue with adding a trust to the domain with the error
> >below
> >
> >ipa: ERROR: CIFS server communication error: code "-1073741801",
> >                  message "Memory allocation error" (both may be
> >"None")
> >
> >DNS I think since it round robins all the existing A records and is
> >returning IPs out of the local subnet.  I don't know much about windows
> >dns services but it's got netmask optimization enabled and doing digs
> >against the service returns the local IP first every time, but pings
> >return them in any order.
> >
> >I've considered adding the DCs to the local hosts file but I'm not sure
> >if that will solve the problem or not.  Is that a viable fix?
> >
> >Anyone have any experience in an environment like this?   Really not
> >sure what additional problems I will run into with all this multi homed
> >nonsense.
> Stop here and make sure you obtained the debugging information as
> described in
> http://www.freeipa.org/page/Active_Directory_trust_setup#Debugging_tru
> st
> 
> Without that information it is hard to tell what is happening.
> 
> Make also sure to tell exact environment (distribution, version, package
> versions, etc).
> 

Well things got ugly.  I enabled debug and pointed in the right direction, smb failed to start.  Came down to the cifs service was not added when I did the adtrust-install.  I tried adding it and it complained that it could not find the A record for the host even though it was there.  Thinking something was hung up in resolver cache possibly I restarted the ipa service and it failed completely.  

Ipactl start fails starting smb because of the missing service and everything fails from there.

Is there any way to recover from this mess I just made? :)

thanks

More information about the Freeipa-users mailing list