[Freeipa-users] freeipa cert validation failed, SEC_ERROR_UNTRUSTED_ISSUER

Morgan Marodin morgan at marodin.it
Wed Sep 9 16:22:37 UTC 2015


Hi Alexander

The IPv6 stack is disabled on my RHEL-like distro, v 7 x64, but is enabled on my
Windows 2012.
I have read in a FreeIPA article to disable IPv6.

I have 2 Domain Controllers with Windows Server 2012 and (at this time) one
new FreeIPA server, just installed, in the same network.
The AD REALM is MYDOMAIN.COM and the IPA REALM is IPA.MYDOMAIN.COM.
I've installed BIND in IPA, which contains only the ipa.mydomain.com zone.
On the AD servers the mydomain.com zone is configured, with ipa.mydomain.com
delegation to the Linux server (192.168.0.65).

Do you have other questions about my setup?
Let me know, thanks.
Morgan


2015-09-09 16:01 GMT+02:00 Alexander Bokovoy <abokovoy at redhat.com>:

> On Wed, 09 Sep 2015, Morgan Marodin wrote:
>
>> Hi Alexander.
>>
>> Ok, after enabling debugging I have these logs:
>> -------------------------------------------------------------------
>> ==> /var/log/httpd/error_log <==
>> INFO: Current debug levels:
>>  all: 100
>>  tdb: 100
>>  printdrivers: 100
>>  lanman: 100
>>  smb: 100
>>  rpc_parse: 100
>>  rpc_srv: 100
>>  rpc_cli: 100
>>  passdb: 100
>>  sam: 100
>>  auth: 100
>>  winbind: 100
>>  vfs: 100
>>  idmap: 100
>>  quota: 100
>>  acls: 100
>>  locking: 100
>>  msdfs: 100
>>  dmapi: 100
>>  registry: 100
>>  scavenger: 100
>>  dns: 100
>>  ldb: 100
>> pm_process() returned Yes
>> GENSEC backend 'gssapi_spnego' registered
>> GENSEC backend 'gssapi_krb5' registered
>> GENSEC backend 'gssapi_krb5_sasl' registered
>> GENSEC backend 'sasl-DIGEST-MD5' registered
>> GENSEC backend 'spnego' registered
>> GENSEC backend 'schannel' registered
>> GENSEC backend 'sasl-EXTERNAL' registered
>> GENSEC backend 'ntlmssp' registered
>> Using binding ncacn_np:srv01.ipa.mydomain.com[,]
>> s4_tevent: Added timed event "dcerpc_connect_timeout_handler":
>> 0x7f8a3c224990
>> s4_tevent: Added timed event "composite_trigger": 0x7f8a3c042170
>> s4_tevent: Added timed event "composite_trigger": 0x7f8a3c25b4a0
>> s4_tevent: Running timer event 0x7f8a3c042170 "composite_trigger"
>> s4_tevent: Destroying timer event 0x7f8a3c25b4a0 "composite_trigger"
>> Mapped to DCERPC endpoint \pipe\lsarpc
>> added interface eth0 ip=192.168.0.65 bcast=192.168.0.255
>> netmask=255.255.255.0
>> added interface eth0 ip=192.168.0.65 bcast=192.168.0.255
>> netmask=255.255.255.0
>>
> Do you have IPv6 stack enabled?
>
>> [2015/09/09 08:45:05.032211, 50, pid=11196, effective(0, 0), real(0, 0)]
>> ../lib/util/tevent_debug.c:63(samba_tevent_debug)
>>  s3_tevent: Schedule immediate event "tevent_req_trigger": 0x7f7118a92cf0
>> [2015/09/09 08:45:05.032282, 50, pid=11196, effective(0, 0), real(0, 0)]
>> ../lib/util/tevent_debug.c:63(samba_tevent_debug)
>>  s3_tevent: Run immediate event "tevent_req_trigger": 0x7f7118a92cf0
>> [2015/09/09 08:45:05.032353,  4, pid=11196, effective(217400000,
>> 217400000), real(217400000, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx)
>>  pop_sec_ctx (217400000, 217400000) - sec_ctx_stack_ndx = 0
>> [2015/09/09 08:45:05.032421,  2, pid=11196, effective(217400000,
>> 217400000), real(217400000, 0), class=rpc_srv]
>> ../source3/rpc_server/rpc_ncacn_np.c:630(make_external_rpc_pipe_p)
>>  tstream_npa_connect_recv  to /run/samba/ncalrpc/np for pipe lsarpc and
>> user IPA\admin failed: No such file or directory
>>
> I'm particularly worried about this one -- /run/samba/ncalrpc/np pipe
> has to be there.
>
> Can you explain what your setup is in detail?
>
> --
> / Alexander Bokovoy
>



-- 
Morgan Marodin
email: morgan at marodin.it
mobile: +39.3477829069