[Freeipa-users] freeipa cert validation failed, SEC_ERROR_UNTRUSTED_ISSUER
Morgan Marodin
morgan at marodin.it
Tue Sep 8 15:55:47 UTC 2015
Also, when doing the trust manually (as explained here:
http://www.freeipa.org/page/Active_Directory_trust_setup), the command fails
in the same way:
# ipa trust-add --type=ad MYDOMAIN.COM --trust-secret
Shared secret for the trust:
ipa: ERROR: Cannot find specified domain or server name
==> /var/log/httpd/access_log <==
192.168.0.65 - - [08/Sep/2015:17:50:21 +0200] "POST /ipa/session/json HTTP/1.1" 200 185
==> /var/log/httpd/error_log <==
[Tue Sep 08 17:50:22.183939 2015] [:error] [pid 4265] ipa: INFO: [jsonserver_session] admin@IPA.MYDOMAIN.COM: trust_add(u'MYDOMAIN.COM', trust_type=u'ad', trust_secret=u'********', all=False, raw=False, version=u'2.112'): NotFound
==> /var/log/samba/log.winbindd-idmap <==
[2015/09/08 17:50:22.178007, 1] ../source3/winbindd/idmap.c:202(idmap_init_domain)
  idmap range not specified for domain *
[2015/09/08 17:50:22.178984, 1] ../source3/winbindd/idmap.c:202(idmap_init_domain)
  idmap range not specified for domain *
[2015/09/08 17:50:22.179771, 1] ../source3/winbindd/idmap.c:202(idmap_init_domain)
  idmap range not specified for domain *
[2015/09/08 17:50:22.179863, 1] ../source3/winbindd/idmap.c:202(idmap_init_domain)
  idmap range not specified for domain *
:( Morgan
2015-09-08 15:21 GMT+02:00 Alexander Bokovoy <abokovoy at redhat.com>:
> On Tue, 08 Sep 2015, Morgan Marodin wrote:
>
>> I've solved this error, reading this forum:
>> https://www.redhat.com/archives/freeipa-users/2015-July/msg00247.html
>>
>> But now when I try to establish a trust to my Active Directory I see these errors:
>> --------------------
>> # ipa trust-add --type=ad mydomain.com --admin Administrator --password
>> Active Directory domain administrator's password:
>> ipa: ERROR: CIFS server communication error: code "-1073741258",
>> message "The connection was refused" (both may be "None")
>>
>> Here are my logs:
>> --------------------
>> ==> /var/log/httpd/error_log <==
>> Failed to connect host 192.168.0.65 on port 135 - NT_STATUS_CONNECTION_REFUSED
>> Failed to connect host 192.168.0.65 (srv01.ipa.mydomain.com) on port 135 - NT_STATUS_CONNECTION_REFUSED.
>> [Tue Sep 08 15:01:50.859313 2015] [:error] [pid 2221] ipa: INFO: [jsonserver_kerb] admin@IPA.MYDOMAIN.COM: trust_add(u'mydomain.com', trust_type=u'ad', realm_admin=u'Administrator', realm_passwd=u'********', all=False, raw=False, version=u'2.112'): RemoteRetrieveError
>>
>> ==> /var/log/samba/log.192.168.0.65 <==
>> [2015/09/08 15:01:50.833128, 1] ../source3/auth/user_krb5.c:164(get_user_from_kerberos_info)
>>   Username IPA\admin is invalid on this system
>>
> This is your problem. Does your system have SSSD actually running?
>
>
> List of ports that smbd should be listening on on IPA master:
> # netstat -nltup|grep smbd
> tcp   0  0  0.0.0.0:135   0.0.0.0:*  LISTEN  12420/smbd
> tcp   0  0  0.0.0.0:139   0.0.0.0:*  LISTEN  12417/smbd
> tcp   0  0  0.0.0.0:445   0.0.0.0:*  LISTEN  12417/smbd
> tcp   0  0  0.0.0.0:1024  0.0.0.0:*  LISTEN  12422/smbd
> tcp6  0  0  :::135        :::*       LISTEN  12420/smbd
> tcp6  0  0  :::139        :::*       LISTEN  12417/smbd
> tcp6  0  0  :::445        :::*       LISTEN  12417/smbd
> tcp6  0  0  :::1024       :::*       LISTEN  12422/smbd
>
> --
> / Alexander Bokovoy
>
--
Morgan Marodin
email: morgan at marodin.it
mobile: +39.3477829069