<html> <head> <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> On 01/17/2014 06:29 PM, Zulkifal Ahmad wrote: <blockquote cite="mid:SNT147-W61DAF0564365CC2D4774B7A4B80@phx.gbl" type="cite"> <style></style> <div dir="ltr">Hi List , Just wanted to find out if anyone has setup an ipa-AD trust successfully, According to the instructions in the following link <a moz-do-not-send="true" href="https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/trust-ipa-subdomain.html">https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/trust-ipa-subdomain.html</a> everything went well until I hit the point where I had to check the samba configuration, by typing the command <a moz-do-not-send="true" href="mailto:root@ipaserver">root@ipaserver</a># smbclient -L ipaserver.ipaexample.com -k smbclient: command not found and similar for <a moz-do-not-send="true" href="mailto:root@ipaserver">root@ipaserver</a># wbinfo --online-status wbinfo: command not found I am pretty sure that the command "ipa-trust-install" command did install samba4 packages as dependencies, anyways I thought these packages were not necessary and went forward until I got really stuck when I typed the command . <a moz-do-not-send="true" href="mailto:root@ipaserver">root@ipaserver</a># ipa trust-add --type=ad adexample.com --admin Administrator --password This gave me a very cruel message ipa: ERROR: CIFS server communication error: code "-1073741801", message "Memory allocation error" (both may be "None") If its this bug " <a moz-do-not-send="true" href="https://bugzilla.redhat.com/show_bug.cgi?id=878168">https://bugzilla.redhat.com/show_bug.cgi?id=878168</a> " </div> </blockquote> Yes. The solution is: If configured, the Active Directory (AD) DNS server returns IPv4 and IPv6 addresses of an AD server. If the FreeIPA server cannot connect to the AD server with an IPv6 address, running the ipa trust-add command will fail even if it would be possible to use IPv4. To work around this problem, add the IPv4 address of the AD server to the /etc/hosts file. In this case, the FreeIPA server will use only the IPv4 address and executing ipa trust-add will be successful. <blockquote cite="mid:SNT147-W61DAF0564365CC2D4774B7A4B80@phx.gbl" type="cite"> <div dir="ltr">has anyone worked it out. Secondly cifs-utils has dependency on samba3 packages and ipa-ad-trust needs samba4 but samba3 and samba4 don't like each other , so this is the story of my experience with ipa. Any suggestions ? </div> </blockquote> Why do you need cifs-utils on the same server? cifs-utils to make a system a client to MSFT file server, AFAIU you cant make IPA server to be a cifs client. SSSD 1.12 (in works) if going to be capable to work with cifs-utils instead of samba winbind thus the limitation will be lifted. <blockquote cite="mid:SNT147-W61DAF0564365CC2D4774B7A4B80@phx.gbl" type="cite"> <div dir="ltr">My ipa server server OS : CentOS 6.5 ipa server version : 3 Active directory: server 2008 R2 Standard Thank you Best Regards Sahibzada .Z. Ahmad System Administrator </div> <fieldset class="mimeAttachmentHeader"></fieldset> <pre wrap="">_______________________________________________ Freeipa-users mailing list <a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a> <a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre> </blockquote> <pre class="moz-signature" cols="72">-- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. ------------------------------- Looking to carve out IT costs? <a class="moz-txt-link-abbreviated" href="http://www.redhat.com/carveoutcosts/">www.redhat.com/carveoutcosts/</a> </pre> </body> </html>