[Freeipa-users] Setting up Domain Trust with Active Directory w2008R2
Svancara, Randall
rsvancara at wsu.edu
Sat Sep 26 19:08:16 UTC 2015
Hi,
Trying to establish a trust relationship between a test domain that I have configured on Windows Server 2008 R2 and FreeIPA 4.1.2 (CentOS 7).
I have enabled debugging and I attempt to run the following command:
ipa trust-add --type=ad ad.winblows --admin Administrator --password
The http error logs emit the following output provided below. Looks like something connects to the domain controller performing the CLDAP query, but then there is a second section that appears to have a problem with "non-public: KeyError: 'dns_hostname'".
Addrs = 172.16.1.253 at 389/ad1
finddcs: DNS SRV response 0 at '172.16.1.253'
finddcs: performing CLDAP query on 172.16.1.253
s4_tevent: Added timed event "tevent_req_timedout": 0x7fbfc8220e80
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fbfc8045660
s4_tevent: Run immediate event "tevent_req_trigger": 0x7fbfc8045660
s4_tevent: Added timed event "tevent_req_timedout": 0x7fbfc8045c00
s4_tevent: Destroying timer event 0x7fbfc8220e80 "tevent_req_timedout"
s4_tevent: Destroying timer event 0x7fbfc8045c00 "tevent_req_timedout"
&response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX
command : LOGON_SAM_LOGON_RESPONSE_EX (23)
sbz : 0x0000 (0)
server_type : 0x000033fd (13309)
1: NBT_SERVER_PDC
1: NBT_SERVER_GC
1: NBT_SERVER_LDAP
1: NBT_SERVER_DS
1: NBT_SERVER_KDC
1: NBT_SERVER_TIMESERV
1: NBT_SERVER_CLOSEST
1: NBT_SERVER_WRITABLE
1: NBT_SERVER_GOOD_TIMESERV
0: NBT_SERVER_NDNC
0: NBT_SERVER_SELECT_SECRET_DOMAIN_6
1: NBT_SERVER_FULL_SECRET_DOMAIN_6
1: NBT_SERVER_ADS_WEB_SERVICE
0: NBT_SERVER_HAS_DNS_NAME
0: NBT_SERVER_IS_DEFAULT_NC
0: NBT_SERVER_FOREST_ROOT
domain_uuid : 4a9706c2-e025-4556-a48b-f0e15941b60e
forest : 'ad.winblows'
dns_domain : 'ad.winblows'
pdc_dns_name : 'ad1.ad.winblows'
domain_name : 'AD'
pdc_name : 'AD1'
user_name : ''
server_site : 'Default-First-Site-Name'
client_site : 'Default-First-Site-Name'
sockaddr_size : 0x00 (0)
sockaddr: struct nbt_sockaddr
sockaddr_family : 0x00000000 (0)
pdc_ip : (null)
remaining : DATA_BLOB length=0
next_closest_site : NULL
nt_version : 0x00000005 (5)
1: NETLOGON_NT_VERSION_1
0: NETLOGON_NT_VERSION_5
1: NETLOGON_NT_VERSION_5EX
0: NETLOGON_NT_VERSION_5EX_WITH_IP
0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE
0: NETLOGON_NT_VERSION_AVOID_NT4EMUL
0: NETLOGON_NT_VERSION_PDC
0: NETLOGON_NT_VERSION_IP
0: NETLOGON_NT_VERSION_LOCAL
0: NETLOGON_NT_VERSION_GC
lmnt_token : 0xffff (65535)
lm20_token : 0xffff (65535)
finddcs: Found matching DC 172.16.1.253 with server_type=0x000033fd
[Sat Sep 26 12:01:24.624183 2015] [:error] [pid 8407] ipa: ERROR: LDAP error when connecting to AD1: {'desc': "Can't contact LDAP server"}
lpcfg_load: refreshing parameters from /usr/share/ipa/smb.conf.empty
params.c:pm_process() - Processing configuration file "/usr/share/ipa/smb.conf.empty"
Processing section "[global]"
INFO: Current debug levels:
all: 100
tdb: 100
printdrivers: 100
lanman: 100
smb: 100
rpc_parse: 100
rpc_srv: 100
rpc_cli: 100
passdb: 100
sam: 100
auth: 100
winbind: 100
vfs: 100
idmap: 100
quota: 100
acls: 100
locking: 100
msdfs: 100
dmapi: 100
registry: 100
scavenger: 100
dns: 100
ldb: 100
pm_process() returned Yes
[Sat Sep 26 12:01:24.625956 2015] [:error] [pid 8407] ipa: ERROR: non-public: KeyError: 'dns_hostname'
[Sat Sep 26 12:01:24.625970 2015] [:error] [pid 8407] Traceback (most recent call last):
[Sat Sep 26 12:01:24.625974 2015] [:error] [pid 8407] File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 348, in wsgi_execute
[Sat Sep 26 12:01:24.625977 2015] [:error] [pid 8407] result = self.Command[name](*args, **options)
[Sat Sep 26 12:01:24.625982 2015] [:error] [pid 8407] File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 439, in __call__
[Sat Sep 26 12:01:24.625985 2015] [:error] [pid 8407] ret = self.run(*args, **options)
[Sat Sep 26 12:01:24.625988 2015] [:error] [pid 8407] File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 754, in run
[Sat Sep 26 12:01:24.625991 2015] [:error] [pid 8407] return self.execute(*args, **options)
[Sat Sep 26 12:01:24.625994 2015] [:error] [pid 8407] File "/usr/lib/python2.7/site-packages/ipalib/plugins/trust.py", line 473, in execute
[Sat Sep 26 12:01:24.625997 2015] [:error] [pid 8407] old_range, range_name, dom_sid = self.validate_range(*keys, **options)
[Sat Sep 26 12:01:24.626000 2015] [:error] [pid 8407] File "/usr/lib/python2.7/site-packages/ipalib/plugins/trust.py", line 663, in validate_range
[Sat Sep 26 12:01:24.626004 2015] [:error] [pid 8407] self.realm_passwd
[Sat Sep 26 12:01:24.626007 2015] [:error] [pid 8407] File "/usr/lib/python2.7/site-packages/ipaserver/dcerpc.py", line 1170, in populate_remote_domain
[Sat Sep 26 12:01:24.626010 2015] [:error] [pid 8407] td.retrieve(rd.info['dns_hostname'])
[Sat Sep 26 12:01:24.626013 2015] [:error] [pid 8407] KeyError: 'dns_hostname'
[Sat Sep 26 12:01:24.626447 2015] [:error] [pid 8407] ipa: INFO: [jsonserver_session] admin at LOCAL: trust_add(u'ad.winblows', trust_type=u'ad', realm_admin=u'Administrator', realm_passwd=u'********', all=False, raw=False, version=u'2.112'): KeyError
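A small triage script for the log quoted above, as an added example that is not part of the original post or of FreeIPA's code: it pulls out the DC that CLDAP discovery found, the host the failed LDAP connection targeted, and the final exception, and reports how they relate. The sample lines are constructed in the shape of the quoted log; the `PATTERNS` names and the `triage` function are hypothetical.

```python
import re

# Constructed sample: a few lines in the shape of the error_log quoted in the post.
SAMPLE_LOG = """\
    pdc_dns_name : 'ad1.ad.winblows'
    pdc_name : 'AD1'
finddcs: Found matching DC 172.16.1.253 with server_type=0x000033fd
[Sat Sep 26 12:01:24.624183 2015] [:error] [pid 8407] ipa: ERROR: LDAP error when connecting to AD1: {'desc': "Can't contact LDAP server"}
[Sat Sep 26 12:01:24.625956 2015] [:error] [pid 8407] ipa: ERROR: non-public: KeyError: 'dns_hostname'
"""

# Hypothetical pattern set; each captures one fact the log states.
PATTERNS = {
    "pdc_dns_name": re.compile(r"^\s*pdc_dns_name\s*:\s*'([^']*)'"),
    "pdc_name": re.compile(r"^\s*pdc_name\s*:\s*'([^']*)'"),
    "dc_addr": re.compile(r"finddcs: Found matching DC (\S+)"),
    "ldap_error_host": re.compile(r"ipa: ERROR: LDAP error when connecting to ([^:\s]+):"),
    "exception": re.compile(r"ipa: ERROR: non-public: (\w+: .*)$"),
}

def triage(log_text):
    """Return (first match per pattern, findings relating those matches)."""
    seen, where = {}, {}
    for idx, line in enumerate(log_text.splitlines()):
        for key, rx in PATTERNS.items():
            m = rx.search(line)
            if m and key not in seen:
                seen[key], where[key] = m.group(1), idx
    findings = []
    host, exc = seen.get("ldap_error_host"), seen.get("exception")
    if seen.get("dc_addr") and host:
        findings.append("CLDAP discovery reached %s, but the LDAP connection to %s failed"
                        % (seen["dc_addr"], host))
    # Compare the LDAP target with the two names the CLDAP response reported.
    if host and host.lower() == seen.get("pdc_name", "").lower() \
            and host.lower() != seen.get("pdc_dns_name", "").lower():
        findings.append("LDAP target %r is the short pdc_name, not the FQDN %r"
                        % (host, seen.get("pdc_dns_name")))
    # Only report ordering when the exception follows the LDAP failure in the log.
    if host and exc and where["ldap_error_host"] < where["exception"]:
        findings.append("%s was logged after the LDAP failure" % exc)
    return seen, findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG)[1]:
        print(finding)
```

The findings only restate what the log lines show; whether the short name resolves and whether LDAP is reachable from the IPA server still has to be checked on the host itself.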