<div dir="ltr"><div>Also doing trust manually (as explained here <a href="http://www.freeipa.org/page/Active_Directory_trust_setup">http://www.freeipa.org/page/Active_Directory_trust_setup</a>) the command fails in the same mode:<br># ipa trust-add --type=ad <a href="http://MYDOMAIN.COM">MYDOMAIN.COM</a> --trust-secret<br>Shared secret for the trust:<br>ipa: ERROR: Cannot find specified domain or server name<br><br>==> /var/log/httpd/access_log <==<br>192.168.0.65 - - [08/Sep/2015:17:50:21 +0200] "POST /ipa/session/json HTTP/1.1" 200 185<br><br>==> /var/log/httpd/error_log <==<br>[Tue Sep 08 17:50:22.183939 2015] [:error] [pid 4265] ipa: INFO: [jsonserver_session] <a href="mailto:admin@IPA.MYDOMAIN.COM">admin@IPA.MYDOMAIN.COM</a>: trust_add(u'<a href="http://MYDOMAIN.COM">MYDOMAIN.COM</a>', trust_type=u'ad', trust_secret=u'********', all=False, raw=False, version=u'2.112'): NotFound<br><br>==> /var/log/samba/log.winbindd-idmap <==<br>[2015/09/08 17:50:22.178007,  1] ../source3/winbindd/idmap.c:202(idmap_init_domain)<br>  idmap range not specified for domain *<br>[2015/09/08 17:50:22.178984,  1] ../source3/winbindd/idmap.c:202(idmap_init_domain)<br>  idmap range not specified for domain *<br>[2015/09/08 17:50:22.179771,  1] ../source3/winbindd/idmap.c:202(idmap_init_domain)<br>  idmap range not specified for domain *<br>[2015/09/08 17:50:22.179863,  1] ../source3/winbindd/idmap.c:202(idmap_init_domain)<br>  idmap range not specified for domain *<br><br></div>:( Morgan<br></div><div class="gmail_extra"><br><div class="gmail_quote">2015-09-08 15:21 GMT+02:00 Alexander Bokovoy <span dir="ltr"><<a href="mailto:abokovoy@redhat.com" target="_blank">abokovoy@redhat.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On Tue, 08 Sep 2015, Morgan Marodin wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I've solved this error, reading this forum:<br>
<a href="https://www.redhat.com/archives/freeipa-users/2015-July/msg00247.html" rel="noreferrer" target="_blank">https://www.redhat.com/archives/freeipa-users/2015-July/msg00247.html</a><br>
<br>
But now when I try to trust to my Active Directory I see these errors:<br>
--------------------<br>
# ipa trust-add --type=ad <a href="http://mydomain.com" rel="noreferrer" target="_blank">mydomain.com</a> --admin Administrator --password<br>
Active Directory domain administrator's password:<br>
ipa: ERROR: CIFS server communication error: code "-1073741258",<br>
                 message "The connection was refused" (both may be "None")<br>
<br>
Here are my logs:<br>
--------------------<br>
==> /var/log/httpd/error_log <==<br>
Failed to connect host 192.168.0.65 on port 135 -<br>
NT_STATUS_CONNECTION_REFUSED<br>
Failed to connect host 192.168.0.65 (<a href="http://srv01.ipa.mydomain.com" rel="noreferrer" target="_blank">srv01.ipa.mydomain.com</a>) on port 135 -<br>
NT_STATUS_CONNECTION_REFUSED.<br>
[Tue Sep 08 15:01:50.859313 2015] [:error] [pid 2221] ipa: INFO:<br>
[jsonserver_kerb] <a href="mailto:admin@IPA.MYDOMAIN.COM" target="_blank">admin@IPA.MYDOMAIN.COM</a>: trust_add(u'<a href="http://mydomain.com" rel="noreferrer" target="_blank">mydomain.com</a>',<br>
trust_type=u'ad', realm_admin=u'Administrator', realm_passwd=u'********',<br>
all=False, raw=False, version=u'2.112'): RemoteRetrieveError<br>
<br>
==> /var/log/samba/log.192.168.0.65 <==<br>
[2015/09/08 15:01:50.833128,  1]<br>
../source3/auth/user_krb5.c:164(get_user_from_kerberos_info)<br>
 Username IPA\admin is invalid on this system<br>
</blockquote></span>
This is your problem. Does your system have SSSD actually running?<br>
<br>
<br>
List of ports that smbd should be listening on on IPA master:<br>
# netstat -nltup|grep smbd<br>
tcp        0      0 <a href="http://0.0.0.0:135" rel="noreferrer" target="_blank">0.0.0.0:135</a>             0.0.0.0:* LISTEN      12420/smbd<br>
tcp        0      0 <a href="http://0.0.0.0:139" rel="noreferrer" target="_blank">0.0.0.0:139</a>             0.0.0.0:* LISTEN      12417/smbd<br>
tcp        0      0 <a href="http://0.0.0.0:445" rel="noreferrer" target="_blank">0.0.0.0:445</a>             0.0.0.0:* LISTEN      12417/smbd<br>
tcp        0      0 <a href="http://0.0.0.0:1024" rel="noreferrer" target="_blank">0.0.0.0:1024</a>            0.0.0.0:* LISTEN      12422/smbd<br>
tcp6       0      0 :::135                  :::*      LISTEN      12420/smbd<br>
tcp6       0      0 :::139                  :::*      LISTEN      12417/smbd<br>
tcp6       0      0 :::445                  :::*      LISTEN      12417/smbd<br>
tcp6       0      0 :::1024                 :::*      LISTEN      12422/smbd<span class="HOEnZb"><font color="#888888"><br>
<br>
-- <br>
/ Alexander Bokovoy<br>
</font></span></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature">Morgan Marodin<br>email: <a href="mailto:morgan@marodin.it" target="_blank">morgan@marodin.it</a><br>mobile: +39.3477829069<br></div>
</div>
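The listener check from Alexander's reply, written as a script; this is an added example, not part of the original thread or of FreeIPA. The function name `missing_smbd_ports`, the `--sample` switch and the sample `netstat` output are assumptions constructed for illustration; only the expected ports (135, 139, 445, 1024 on tcp and tcp6) come from the quoted listing.

```sh
#!/bin/sh
# Added example (not from the thread): compare smbd's listening sockets with
# the ports in the netstat listing quoted above.
EXPECTED_PORTS="135 139 445 1024"

# Constructed sample of `netstat -nltup` output in which smbd is not bound
# to 135 or 1024; PIDs and the httpd row are made up for illustration.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address   Foreign Address State   PID/Program name
tcp        0      0 0.0.0.0:139     0.0.0.0:*       LISTEN  2301/smbd
tcp        0      0 0.0.0.0:445     0.0.0.0:*       LISTEN  2301/smbd
tcp6       0      0 :::139          :::*            LISTEN  2301/smbd
tcp6       0      0 :::445          :::*            LISTEN  2301/smbd
tcp6       0      0 :::443          :::*            LISTEN  1890/httpd'

# Reads netstat output on stdin and prints "proto/port" for every expected
# smbd listener that is absent, one per line. Prints nothing if all are there.
missing_smbd_ports() {
    awk -v ports="$EXPECTED_PORTS" '
        BEGIN { n = split(ports, want, " ") }
        # Only TCP rows in LISTEN state that belong to smbd count.
        ($1 == "tcp" || $1 == "tcp6") && $6 == "LISTEN" && $7 ~ /\/smbd$/ {
            port = $4
            sub(/.*:/, "", port)      # local address: keep text after last colon
            seen[$1 "/" port] = 1
        }
        END {
            for (i = 1; i <= n; i++) {
                key4 = "tcp/" want[i];  if (!(key4 in seen)) print key4
                key6 = "tcp6/" want[i]; if (!(key6 in seen)) print key6
            }
        }
    '
}

# On a real IPA master (as root, so the PID/Program column is filled in):
#   netstat -nltup | missing_smbd_ports
if [ "${1:-}" = "--sample" ]; then
    printf '%s\n' "$SAMPLE_NETSTAT" | missing_smbd_ports
fi
```

With the constructed sample, the function reports both the tcp and tcp6 listeners for ports 135 and 1024 as missing, which is the state in which a connection to port 135 is refused as in the quoted error_log.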