[Freeipa-users] freeipa cert validation failed, SEC_ERROR_UNTRUSTED_ISSUER
Alexander Bokovoy
abokovoy at redhat.com
Tue Sep 8 13:21:19 UTC 2015
On Tue, 08 Sep 2015, Morgan Marodin wrote:
>I've solved this error, reading this forum:
>https://www.redhat.com/archives/freeipa-users/2015-July/msg00247.html
>
>But now when I try to trust to my Active Directory I see these errors:
>--------------------
># ipa trust-add --type=ad mydomain.com --admin Administrator --password
>Active Directory domain administrator's password:
>ipa: ERROR: CIFS server communication error: code "-1073741258",
> message "The connection was refused" (both may be "None")
>
>Here my logs:
>--------------------
>==> /var/log/httpd/error_log <==
>Failed to connect host 192.168.0.65 on port 135 -
>NT_STATUS_CONNECTION_REFUSED
>Failed to connect host 192.168.0.65 (srv01.ipa.mydomain.com) on port 135 -
>NT_STATUS_CONNECTION_REFUSED.
>[Tue Sep 08 15:01:50.859313 2015] [:error] [pid 2221] ipa: INFO:
>[jsonserver_kerb] admin at IPA.MYDOMAIN.COM: trust_add(u'mydomain.com',
>trust_type=u'ad', realm_admin=u'Administrator', realm_passwd=u'********',
>all=False, raw=False, version=u'2.112'): RemoteRetrieveError
>
>==> /var/log/samba/log.192.168.0.65 <==
>[2015/09/08 15:01:50.833128, 1]
>../source3/auth/user_krb5.c:164(get_user_from_kerberos_info)
> Username IPA\admin is invalid on this system
This is your problem. Does your system have SSSD actually running?
List of ports that smbd should be listening on on IPA master:
# netstat -nltup|grep smbd
tcp 0 0 0.0.0.0:135 0.0.0.0:* LISTEN 12420/smbd
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 12417/smbd
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 12417/smbd
tcp 0 0 0.0.0.0:1024 0.0.0.0:* LISTEN 12422/smbd
tcp6 0 0 :::135 :::* LISTEN 12420/smbd
tcp6 0 0 :::139 :::* LISTEN 12417/smbd
tcp6 0 0 :::445 :::* LISTEN 12417/smbd
tcp6 0 0 :::1024 :::* LISTEN 12422/smbd
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list