[Freeipa-users] AD Trust failed with 'CIFS server configurationdoes not allow access to \\pipe\lsarpc'

Matrix matrix.zj at qq.com
Sun May 1 13:55:20 UTC 2016 

Hi, Alexander

log from /var/log/httpd/error_log

lpcfg_load: refreshing parameters from /usr/share/ipa/smb.conf.empty
Processing section "[global]"
INFO: Current debug levels:
  all: 100
  tdb: 100
  printdrivers: 100
  lanman: 100
  smb: 100
  rpc_parse: 100
  rpc_srv: 100
  rpc_cli: 100
  passdb: 100
  sam: 100
  auth: 100
  winbind: 100
  vfs: 100
  idmap: 100
  quota: 100
  acls: 100
  locking: 100
  msdfs: 100
  dmapi: 100
  registry: 100
  scavenger: 100
  dns: 100
  ldb: 100
pm_process() returned Yes
Using binding ncacn_np:ipaserver.dev.example.net[,print,smb2]
s4_tevent: Added timed event "dcerpc_connect_timeout_handler": 0x7f1c1c0ff6b0
s4_tevent: Added timed event "composite_trigger": 0x7f1c1c458350
s4_tevent: Added timed event "composite_trigger": 0x7f1c1c45ba70
s4_tevent: Running timer event 0x7f1c1c458350 "composite_trigger"
s4_tevent: Destroying timer event 0x7f1c1c45ba70 "composite_trigger"
Mapped to DCERPC endpoint \pipe\lsarpc
added interface eth0 ip=192.168.10.241 bcast=192.168.11.255 netmask=255.255.254.0
added interface eth0 ip=192.168.10.241 bcast=192.168.11.255 netmask=255.255.254.0
resolve_lmhosts: Attempting lmhosts lookup for name ipaserver.dev.example.net<0x20>
getlmhostsent: lmhost entry: 127.0.0.1 localhost
s4_tevent: Added timed event "composite_trigger": 0x7f1c1c46d740
s4_tevent: Ending timer event 0x7f1c1c458350 "composite_trigger"
s4_tevent: Running timer event 0x7f1c1c46d740 "composite_trigger"
s4_tevent: Ending timer event 0x7f1c1c46d740 "composite_trigger"
s4_tevent: Added timed event "connect_multi_timer": 0x7f1c1c242c70
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7f1c1c04d750
s4_tevent: Run immediate event "tevent_req_trigger": 0x7f1c1c04d750
s4_tevent: Destroying timer event 0x7f1c1c242c70 "connect_multi_timer"
Socket options:
        SO_KEEPALIVE = 0
        SO_REUSEADDR = 0
        SO_BROADCAST = 0
        TCP_NODELAY = 1
        TCP_KEEPCNT = 9
        TCP_KEEPIDLE = 7200
        TCP_KEEPINTVL = 75
        IPTOS_LOWDELAY = 0
        IPTOS_THROUGHPUT = 0
        SO_REUSEPORT = 0
        SO_SNDBUF = 2626560
        SO_RCVBUF = 1061296
        SO_SNDLOWAT = 1
        SO_RCVLOWAT = 1
        SO_SNDTIMEO = 0
        SO_RCVTIMEO = 0
        TCP_QUICKACK = 1
        TCP_DEFER_ACCEPT = 0
s4_tevent: Added timed event "tevent_req_timedout": 0x7f1c1c2e3430
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f1c1c2dd3d0
s4_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f1c1c2dd3d0
s4_tevent: Destroying timer event 0x7f1c1c2e3430 "tevent_req_timedout"
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7f1c1c04d600
s4_tevent: Run immediate event "tevent_req_trigger": 0x7f1c1c04d600
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Ticket in credentials cache for admin at DEV.EXAMPLE.NET will expire in 84175 secs
s4_tevent: Added timed event "tevent_req_timedout": 0x7f1c1c42a450
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f1c1c2dd3d0
s4_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f1c1c2dd3d0
s4_tevent: Destroying timer event 0x7f1c1c42a450 "tevent_req_timedout"
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7f1c1c2ad220
s4_tevent: Run immediate event "tevent_req_trigger": 0x7f1c1c2ad220
gensec_gssapi: NO credentials were delegated
GSSAPI Connection will be cryptographically sealed
s4_tevent: Added timed event "tevent_req_timedout": 0x7f1c1c3e7650
signed SMB2 message
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f1c1c2dd3d0
s4_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f1c1c2dd3d0
s4_tevent: Destroying timer event 0x7f1c1c3e7650 "tevent_req_timedout"
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7f1c1c2ad220
s4_tevent: Run immediate event "tevent_req_trigger": 0x7f1c1c2ad220
s4_tevent: Added timed event "tevent_req_timedout": 0x7f1c1c4441c0
signed SMB2 message
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f1c1c2dd3d0
s4_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f1c1c2dd3d0
s4_tevent: Destroying timer event 0x7f1c1c4441c0 "tevent_req_timedout"
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7f1c1c05db70
s4_tevent: Run immediate event "tevent_req_trigger": 0x7f1c1c05db70
s4_tevent: Added timed event "tevent_req_timedout": 0x7f1c1c47fd40
signed SMB2 message
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f1c1c2dd3d0
s4_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f1c1c2dd3d0
s4_tevent: Destroying timer event 0x7f1c1c47fd40 "tevent_req_timedout"
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7f1c1cb553c0
s4_tevent: Run immediate event "tevent_req_trigger": 0x7f1c1cb553c0
s4_tevent: Destroying timer event 0x7f1c1c0ff6b0 "dcerpc_connect_timeout_handler"
[Sun May 01 13:53:05.420066 2016] [:error] [pid 6995] ipa: INFO: [jsonserver_session] admin at DEV.EXAMPLE.NET: trust_add(u'examplemedia.net', trust_type=u'ad', realm_admin=u'Administrator', realm_passwd=u'********', all=False, raw=False, version=u'2.156'): RemoteRetrieveError





------------------ Original ------------------
From:  "Alexander Bokovoy";<abokovoy at redhat.com>;
Date:  Sun, May 1, 2016 09:40 PM
To:  "Matrix"<matrix.zj at qq.com>; 
Cc:  "freeipa-users"<freeipa-users at redhat.com>; 
Subject:  Re: [Freeipa-users] AD Trust failed with 'CIFS server configurationdoes not allow access to \\pipe\lsarpc'



On Sun, 01 May 2016, Matrix wrote:
>Hi, list
>
>I am trying to setup an integration env between IPA and AD Window 2012 R2.
>
>Below error occurred while running "# echo 'RedHat1!' | ipa trust-add --type=ad examplemedia.net --admin Administrator --password"
>
># echo 'RedHat1!' | ipa trust-add --type=ad examplemedia.net --admin Administrator --password
>ipa: ERROR: CIFS server configuration does not allow access to \\pipe\lsarpc
>
>
>IPA / Samba Version, I am running with:
>
>ipa-server-4.2.0-15.el7.x86_64
>samba-4.2.3-12.el7_2.x86_64
>
># tailf /var/log/httpd/error_log
>[Sun May 01 08:27:17.493412 2016] [:error] [pid 32267] ipa: INFO: [jsonserver_session] admin at DEV.EXAMPLE.NET: trust_add(u'examplemedia.net', trust_type=u'ad', realm_admin=u'Administrator', realm_passwd=u'********', all=False, raw=False, version=u'2.156'): RemoteRetrieveError
>[Sun May 01 08:35:00.600654 2016] [:error] [pid 32266] ipa: INFO: [jsonserver_session] admin at DEV.EXAMPLE.NET: trust_add(u'examplemedia.net', trust_type=u'ad', realm_admin=u'Administrator', realm_passwd=u'********', all=False, raw=False, version=u'2.156'): RemoteRetrieveError
>
>I have also tried latest ipa-server version shipped by RHEL. the same error occurred.
>
>It ssems that https://bugzilla.redhat.com/show_bug.cgi?id=1249455 did not fixed it.
Add 'log level = 100' to /usr/share/ipa/smb.conf.empty and re-try 
'ipa trust-add'. You'll get more detailed debugging output in error_log.
-- 
/ Alexander Bokovoy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160501/a59eb8bd/attachment.htm>

More information about the Freeipa-users mailing list