[Freeipa-users] Can't establish trust with 2008 AD

pgb205 pgb205 at yahoo.com
Fri Jun 10 15:36:43 UTC 2016


Alexander, here you go.
One thing that came to mind that might be a problem. My Active directory is adserver.addomain.com while IPA is ipax1.ipadomain; there is no suffix. Not sure if that would matter.
Anyway here is the log as requested.
Thank you.

net ads lookup -d 10 -S dc.addomain.com
INFO: Current debug levels:  all: 10  tdb: 10  printdrivers: 10  lanman: 10  smb: 10  rpc_parse: 10  rpc_srv: 10  rpc_cli: 10  passdb: 10  sam: 10  auth: 10  winbind: 10  vfs: 10  idmap: 10  quota: 10  acls: 10  locking: 10  msdfs: 10  dmapi: 10  registry: 10  scavenger: 10  dns: 10  ldb: 10
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels:  all: 10  tdb: 10  printdrivers: 10  lanman: 10  smb: 10  rpc_parse: 10  rpc_srv: 10  rpc_cli: 10  passdb: 10  sam: 10  auth: 10  winbind: 10  vfs: 10  idmap: 10  quota: 10  acls: 10  locking: 10  msdfs: 10  dmapi: 10  registry: 10  scavenger: 10  dns: 10  ldb: 10
Processing section "[global]"
doing parameter debug pid = yes
doing parameter config backend = registry
pm_process() returned Yes
lp_load_ex: changing to config backend registry
Freeing parametrics:
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels:  all: 10  tdb: 10  printdrivers: 10  lanman: 10  smb: 10  rpc_parse: 10  rpc_srv: 10  rpc_cli: 10  passdb: 10  sam: 10  auth: 10  winbind: 10  vfs: 10  idmap: 10  quota: 10  acls: 10  locking: 10  msdfs: 10  dmapi: 10  registry: 10  scavenger: 10  dns: 10  ldb: 10
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels:  all: 10  tdb: 10  printdrivers: 10  lanman: 10  smb: 10  rpc_parse: 10  rpc_srv: 10  rpc_cli: 10  passdb: 10  sam: 10  auth: 10  winbind: 10  vfs: 10  idmap: 10  quota: 10  acls: 10  locking: 10  msdfs: 10  dmapi: 10  registry: 10  scavenger: 10  dns: 10  ldb: 10
doing parameter registry shares = yes
registry_init_smbconf called
regdb_init: registry db openend. refcount reset (1)
reghook_cache_init: new tree with default ops 0x7f2130163000 for key []
regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports]
regdb_unpack_values: value[0]: name[Samba Printer Port] len[2]
regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers]
regdb_unpack_values: value[0]: name[DefaultSpoolDirectory] len[70]
regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog]
regdb_unpack_values: value[0]: name[DisplayName] len[20]
regdb_unpack_values: value[1]: name[ErrorControl] len[4]
regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog]
regdb_unpack_values: value[0]: name[DisplayName] len[20]
regdb_unpack_values: value[1]: name[ErrorControl] len[4]
reghook_cache_add: Adding ops 0x7f2132ee2520 for key [\HKLM\SOFTWARE\Samba\smbconf]
pathtree_add: Enter
pathtree_add: Successfully added node [HKLM\SOFTWARE\Samba\smbconf] to tree
pathtree_add: Exit
regdb_close: decrementing refcount (1->0)
regdb_open: registry db opened. refcount reset (1)
regkey_open_onelevel: name = [HKLM]
regdb_open: incrementing refcount (1->2)
reghook_cache_find: Searching for keyname [\HKLM]
pathtree_find: Enter [\HKLM]
pathtree_find: Exit
reghook_cache_find: found ops 0x7f2130163000 for key [\HKLM]
regkey_open_onelevel: name = [SOFTWARE]
regdb_open: incrementing refcount (2->3)
reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE]
pathtree_find: Enter [\HKLM\SOFTWARE]
pathtree_find: Exit
reghook_cache_find: found ops 0x7f2130163000 for key [\HKLM\SOFTWARE]
regkey_open_onelevel: name = [Samba]
regdb_open: incrementing refcount (3->4)
reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Samba]
pathtree_find: Enter [\HKLM\SOFTWARE\Samba]
pathtree_find: Exit
reghook_cache_find: found ops 0x7f2130163000 for key [\HKLM\SOFTWARE\Samba]
regkey_open_onelevel: name = [smbconf]
regdb_open: incrementing refcount (4->5)
reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Samba\smbconf]
pathtree_find: Enter [\HKLM\SOFTWARE\Samba\smbconf]
pathtree_find: Exit
reghook_cache_find: found ops 0x7f2132ee2520 for key [\HKLM\SOFTWARE\Samba\smbconf]
regdb_close: decrementing refcount (5->4)
regdb_close: decrementing refcount (4->3)
regdb_close: decrementing refcount (3->2)
process_registry_service: service name global
regkey_open_onelevel: name = [global]
regdb_open: incrementing refcount (2->3)
reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Samba\smbconf\global]
pathtree_find: Enter [\HKLM\SOFTWARE\Samba\smbconf\global]
pathtree_find: Exit
reghook_cache_find: found ops 0x7f2132ee2520 for key [\HKLM\SOFTWARE\Samba\smbconf\global]
regdb_close: decrementing refcount (3->2)
regkey_open_onelevel: name = [global]
regdb_open: incrementing refcount (2->3)
reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Samba\smbconf\global]
pathtree_find: Enter [\HKLM\SOFTWARE\Samba\smbconf\global]
pathtree_find: Exit
reghook_cache_find: found ops 0x7f2132ee2520 for key [\HKLM\SOFTWARE\Samba\smbconf\global]
fetch_reg_values called for key 'HKLM\SOFTWARE\Samba\smbconf\global' (ops 0x7f2132ee2520)
regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Samba\smbconf\global]
regdb_unpack_values: value[0]: name[workgroup] len[8]
regdb_unpack_values: value[1]: name[netbios name] len[12]
regdb_unpack_values: value[2]: name[realm] len[8]
regdb_unpack_values: value[3]: name[kerberos method] len[34]
regdb_unpack_values: value[4]: name[dedicated keytab file] len[58]
regdb_unpack_values: value[5]: name[create krb5 conf] len[6]
regdb_unpack_values: value[6]: name[security] len[10]
regdb_unpack_values: value[7]: name[domain master] len[8]
regdb_unpack_values: value[8]: name[domain logons] len[8]
regdb_unpack_values: value[9]: name[max log size] len[14]
regdb_unpack_values: value[10]: name[log file] len[44]
regdb_unpack_values: value[11]: name[passdb backend] len[94]
regdb_unpack_values: value[12]: name[disable spoolss] len[8]
regdb_unpack_values: value[13]: name[ldapsam:trusted] len[8]
regdb_unpack_values: value[14]: name[ldap ssl] len[8]
regdb_unpack_values: value[15]: name[ldap suffix] len[14]
regdb_unpack_values: value[16]: name[ldap user suffix] len[42]
regdb_unpack_values: value[17]: name[ldap group suffix] len[44]
regdb_unpack_values: value[18]: name[ldap machine suffix] len[50]
regdb_unpack_values: value[19]: name[rpc_server:epmapper] len[18]
regdb_unpack_values: value[20]: name[rpc_server:lsarpc] len[18]
regdb_unpack_values: value[21]: name[rpc_server:lsass] len[18]
regdb_unpack_values: value[22]: name[rpc_server:lsasd] len[18]
regdb_unpack_values: value[23]: name[rpc_server:samr] len[18]
regdb_unpack_values: value[24]: name[rpc_server:netlogon] len[18]
regdb_unpack_values: value[25]: name[rpc_server:tcpip] len[8]
regdb_unpack_values: value[26]: name[rpc_daemon:epmd] len[10]
regdb_unpack_values: value[27]: name[rpc_daemon:lsasd] len[10]
regdb_unpack_values: value[28]: name[log level] len[8]
regdb_close: decrementing refcount (3->2)
Processing section "[global]"
doing parameter workgroup = IPADOMAIN
doing parameter netbios name = IPAX1
doing parameter realm = IPADOMAIN
doing parameter kerberos method = dedicated keytab
doing parameter dedicated keytab file = FILE:/etc/samba/samba.keytab
doing parameter create krb5 conf = no
doing parameter security = user
doing parameter domain master = yes
doing parameter domain logons = yes
doing parameter max log size = 100000
doing parameter log file = /var/log/samba/log.%m
doing parameter passdb backend = ipasam:ldapi://%2fvar%2frun%2fslapd-IPADOMAIN.socket
doing parameter disable spoolss = yes
doing parameter ldapsam:trusted = yes
doing parameter ldap ssl = off
doing parameter ldap suffix = dc=ipadomain
doing parameter ldap user suffix = cn=users,cn=accounts
doing parameter ldap group suffix = cn=groups,cn=accounts
doing parameter ldap machine suffix = cn=computers,cn=accounts
doing parameter rpc_server:epmapper = external
doing parameter rpc_server:lsarpc = external
doing parameter rpc_server:lsass = external
doing parameter rpc_server:lsasd = external
doing parameter rpc_server:samr = external
doing parameter rpc_server:netlogon = external
doing parameter rpc_server:tcpip = yes
doing parameter rpc_daemon:epmd = fork
doing parameter rpc_daemon:lsasd = fork
doing parameter log level = 100
lp_servicenumber: couldn't find homes
Netbios name list:-
my_netbios_names[0]="IPAX1"
added interface eno1 ip=<ipa srv ip> bcast=<ipa srv broadcast> netmask=255.255.255.0
Registering messaging pointer for type 2 - private_data=(nil)
Registering messaging pointer for type 9 - private_data=(nil)
Registered MSG_REQ_POOL_USAGE
Registering messaging pointer for type 11 - private_data=(nil)
Registering messaging pointer for type 12 - private_data=(nil)
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Registering messaging pointer for type 1 - private_data=(nil)
Registering messaging pointer for type 5 - private_data=(nil)
Opening cache file at /var/lib/samba/gencache.tdb
Opening cache file at /var/lib/samba/gencache_notrans.tdb
sitename_fetch: No stored sitename for IPADOMAIN
internal_resolve_name: looking up dc.addomain.com#20 (sitename (null))
name dc.addomain.com#20 found.
remove_duplicate_addrs2: looking for duplicate address/port pairs
ads_try_connect: sending CLDAP request to 172.19.1.10 (realm: (null))
ads_cldap_netlogon: did not get a reply
ads_try_connect: CLDAP request 172.19.1.10 failed.
sitename_fetch: No stored sitename for IPADOMAIN
ads_find_dc: (cldap) looking for domain 'IPADOMAIN'
get_sorted_dc_list: attempting lookup for name IPADOMAIN (sitename NULL)
saf_fetch: failed to find server for "IPADOMAIN" domain
get_dc_list: preferred server list: ", *"
internal_resolve_name: looking up IPADOMAIN#1c (sitename (null))
no entry for IPADOMAIN#1C found.
resolve_lmhosts: Attempting lmhosts lookup for name IPADOMAIN<0x1c>
resolve_lmhosts: Attempting lmhosts lookup for name IPADOMAIN<0x1c>
getlmhostsent: lmhost entry: 127.0.0.1 localhost
resolve_wins: WINS server resolution selected and no WINS servers listed.
resolve_hosts: not appropriate for name type <0x1c>
name_resolve_bcast: Attempting broadcast lookup for name IPADOMAIN<0x1c>
tstream_unix_connect failed: No such file or directory
nmbd not around
Adding 0 DC's from auto lookup
get_dc_list: no servers found
ads_connect: No logon servers
sitename_fetch: No stored sitename for IPADOMAIN
internal_resolve_name: looking up dc.addomain.com#20 (sitename (null))
name dc.addomain.com#20 found.
remove_duplicate_addrs2: looking for duplicate address/port pairs
ads_try_connect: sending CLDAP request to 172.19.1.10 (realm: (null))
ads_cldap_netlogon: did not get a reply
ads_try_connect: CLDAP request 172.19.1.10 failed.
sitename_fetch: No stored sitename for IPADOMAIN
ads_find_dc: (cldap) looking for domain 'IPADOMAIN'
get_sorted_dc_list: attempting lookup for name IPADOMAIN (sitename NULL)
saf_fetch: failed to find server for "IPADOMAIN" domain
get_dc_list: preferred server list: ", *"
internal_resolve_name: looking up IPADOMAIN#1c (sitename (null))
no entry for IPADOMAIN#1C found.
resolve_lmhosts: Attempting lmhosts lookup for name IPADOMAIN<0x1c>
resolve_lmhosts: Attempting lmhosts lookup for name IPADOMAIN<0x1c>
getlmhostsent: lmhost entry: 127.0.0.1 localhost
resolve_wins: WINS server resolution selected and no WINS servers listed.
resolve_hosts: not appropriate for name type <0x1c>
name_resolve_bcast: Attempting broadcast lookup for name IPADOMAIN<0x1c>
tstream_unix_connect failed: No such file or directory
nmbd not around
Adding 0 DC's from auto lookup
get_dc_list: no servers found
ads_connect: No logon servers
Didn't find the cldap server!
return code = -1

From: Alexander Bokovoy <abokovoy at redhat.com>
To: pgb205 <pgb205 at yahoo.com>
Cc: "freeipa-users at redhat.com" <freeipa-users at redhat.com>
Sent: Friday, June 10, 2016 1:58 AM
Subject: Re: [Freeipa-users] Can't establish trust with 2008 AD

On Fri, 10 Jun 2016, pgb205 wrote:
>The trust setup still results in
>Shared secret for the trust:: ERROR: CIFS server communication error: code "None",                  message "NT_STATUS_IO_TIMEOUT" (both may be "None")
>If you want I can provide with logs.
Can you show output of

net ads lookup -d 10 -S dc.addomain.com

-- 
/ Alexander Bokovoy


  