[Freeipa-users] Can't establish trust with 2008 AD

Alexander Bokovoy abokovoy at redhat.com
Thu Jun 9 20:30:48 UTC 2016


On Thu, 09 Jun 2016, pgb205 wrote:
>The setup is:
>AD 2008 domain,
>Latest version of FreeIpa with integrated DNS,
>As the AD domain is not known to any DNS servers on the network I have
>created a stub zone in Freeipa integrated dns server addomain.com,
>and created A-record for DC.addomain.com as well as
>_ldap.tcp.addomain.com and _kerberos.udp.addomain.com
>and checked with dig that they resolve correctly,
>138/139/145/389 are opened between the servers on both tcp and udp ports
>ipv6 enabled on the FreeIpa server.
>I am using pre-shared secret to establish the trust
>Run:
>ipa trust-add --type=ad addomain.com --trust-secret  <pre-shared key>
>and receive:
>ipa: ERROR: CIFS server communication error: code "None",                  message "NT_STATUS_IO_TIMEOUT" (both may be "None")
>
>I've enabled the logs as described in debugging section (I would be glad to forward the whole thing if needed).
>However, relevant error that I see is:
>finddcs: DNS SRV response 0 at '<ipaddr>'
>finddcs: performing CLDAP query on <ipaddr>
>s4_tevent: Added timed event "tevent_req_timedout": 0x7f21302a8b10
>s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7f2130025090
>s4_tevent: Run immediate event "tevent_req_trigger": 0x7f2130025090
>s4_tevent: Added timed event "tevent_req_timedout": 0x7f213025cb90
>s4_tevent: Running timer event 0x7f213025cb90 "tevent_req_timedout"
>s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7f2130045b50
>s4_tevent: Ending timer event 0x7f213025cb90 "tevent_req_timedout"
>s4_tevent: Run immediate event "tevent_req_trigger": 0x7f2130045b50
>s4_tevent: Added timed event "tevent_req_timedout": 0x7f213025cb90
>s4_tevent: Running timer event 0x7f213025cb90 "tevent_req_timedout"
>s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7f213001d230
>s4_tevent: Ending timer event 0x7f213025cb90 "tevent_req_timedout"
>s4_tevent: Run immediate event "tevent_req_trigger": 0x7f213001d230
>s4_tevent: Added timed event "tevent_req_timedout": 0x7f213025cb90
>s4_tevent: Running timer event 0x7f21302a8b10 "tevent_req_timedout"
>s4_tevent: Destroying timer event 0x7f213025cb90 "tevent_req_timedout"
>finddcs: No matching CLDAP server found
>s4_tevent: Ending timer event 0x7f21302a8b10 "tevent_req_timedout"
>[Thu Jun 09 20:39:38.703506 2016] [:error] [pid 2503] ipa: INFO: [jsonserver_session] admin@<ipadomain.com>: trust_add(u'addomain.com', trust_type=u'ad', trust_secret=u'********', all=False, raw=False, version=u'2.156'): RemoteRetrieveError
>
>Once again I would be glad to provide entire logs if needed. But would be
>grateful for suggestions on how to resolve the above error.

Do you have IPv6 disabled?
www.freeipa.org/page/Active_Directory_trust_setup#IPv6_stack_usage
-- 
/ Alexander Bokovoy



