[Freeipa-users] FreeIPA 4.3.0 Trust with AD Fails with RemoteRetrieveError
Nathan Peters
Nathan.Peters at globalrelay.net
Wed Jan 27 06:07:00 UTC 2016
I'm trying to create a trust with AD on FreeIPA 4.3.0 domain at domain level 1.
When I try though the cli I get this error :
ipa: ERROR: communication with CIFS server was unsuccessful
When I try through the web ui I get :
IPA Error 4016: RemoteRetrieveError
Following debugging steps and setting loglevel to 100 gives a whole pile of stuff that doesn't seem to indicate the actual cause of the failure.
It ends with these errors :
lsa_lsaRSetForestTrustInformation: struct lsa_lsaRSetForestTrustInformation
out: struct lsa_lsaRSetForestTrustInformation
collision_info : *
collision_info : NULL
result : NT_STATUS_INVALID_PARAMETER
rpc reply data:
[0000] 00 00 00 00 0D 00 00 C0 ........
lsa_QueryTrustedDomainInfoByName: struct lsa_QueryTrustedDomainInfoByName
in: struct lsa_QueryTrustedDomainInfoByName
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 0000000d-0000-0000-a856-ba5c507f0000
trusted_domain : *
trusted_domain: struct lsa_String
length : 0x002c (44)
size : 0x002c (44)
string : *
string : 'office.mydomain.net'
level : LSA_TRUSTED_DOMAIN_INFO_FULL_INFO (8)
rpc request data:
lsa_QueryTrustedDomainInfoByName: struct lsa_QueryTrustedDomainInfoByName
out: struct lsa_QueryTrustedDomainInfoByName
info : *
info : NULL
result : NT_STATUS_OBJECT_NAME_NOT_FOUND
rpc reply data:
[0000] 00 00 00 00 34 00 00 C0 ....4...
lsa_CreateTrustedDomainEx2: struct lsa_CreateTrustedDomainEx2
in: struct lsa_CreateTrustedDomainEx2
policy_handle : *
policy_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 0000000d-0000-0000-a856-ba5c507f0000
info : *
info: struct lsa_TrustDomainInfoInfoEx
domain_name: struct lsa_StringLarge
length : 0x002c (44)
size : 0x002e (46)
string : *
string : 'office.mydomain.net'
netbios_name: struct lsa_StringLarge
length : 0x000c (12)
size : 0x000e (14)
string : *
string : 'OFFICE'
sid : *
sid : S-1-5-21-3104402935-1443057687-1106712449
trust_direction : 0x00000001 (1)
1: LSA_TRUST_DIRECTION_INBOUND
0: LSA_TRUST_DIRECTION_OUTBOUND
trust_type : LSA_TRUST_TYPE_UPLEVEL (2)
trust_attributes : 0x00000000 (0)
0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE
0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY
0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN
0: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE
0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION
0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST
0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL
0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION
auth_info_internal : *
auth_info_internal: struct lsa_TrustDomainInfoAuthInfoInternal
auth_blob: struct lsa_DATA_BUF2
size : 0x00000440 (1088)
data : *
data: ARRAY(1088)
lsa_CreateTrustedDomainEx2: struct lsa_CreateTrustedDomainEx2
out: struct lsa_CreateTrustedDomainEx2
trustdom_handle : *
trustdom_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 00000000-0000-0000-0000-000000000000
result : NT_STATUS_UNSUCCESSFUL
rpc reply data:
[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[0010] 00 00 00 00 01 00 00 C0 ........
[Tue Jan 26 21:59:34.411382 2016] [wsgi:error] [pid 29762] ipa: INFO: [jsonserver_kerb] admin at DEV-MYDOMAIN.NET: trust_add(u'office.mydomain.net', trust_type=u'ad', realm_admin=u'Administrator', realm_passwd=u'********', all=False, raw=False, version=u'2.163'): RemoteRetrieveError
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160127/db47bf1b/attachment.htm>
More information about the Freeipa-users
mailing list