Hi, Alexander log from /var/log/httpd/error_log lpcfg_load: refreshing parameters from /usr/share/ipa/smb.conf.empty Processing section "[global]" INFO: Current debug levels: all: 100 tdb: 100 printdrivers: 100 lanman: 100 smb: 100 rpc_parse: 100 rpc_srv: 100 rpc_cli: 100 passdb: 100 sam: 100 auth: 100 winbind: 100 vfs: 100 idmap: 100 quota: 100 acls: 100 locking: 100 msdfs: 100 dmapi: 100 registry: 100 scavenger: 100 dns: 100 ldb: 100 pm_process() returned Yes Using binding ncacn_np:ipaserver.dev.example.net[,print,smb2] s4_tevent: Added timed event "dcerpc_connect_timeout_handler": 0x7f1c1c0ff6b0 s4_tevent: Added timed event "composite_trigger": 0x7f1c1c458350 s4_tevent: Added timed event "composite_trigger": 0x7f1c1c45ba70 s4_tevent: Running timer event 0x7f1c1c458350 "composite_trigger" s4_tevent: Destroying timer event 0x7f1c1c45ba70 "composite_trigger" Mapped to DCERPC endpoint \pipe\lsarpc added interface eth0 ip=192.168.10.241 bcast=192.168.11.255 netmask=255.255.254.0 added interface eth0 ip=192.168.10.241 bcast=192.168.11.255 netmask=255.255.254.0 resolve_lmhosts: Attempting lmhosts lookup for name ipaserver.dev.example.net<0x20> getlmhostsent: lmhost entry: 127.0.0.1 localhost s4_tevent: Added timed event "composite_trigger": 0x7f1c1c46d740 s4_tevent: Ending timer event 0x7f1c1c458350 "composite_trigger" s4_tevent: Running timer event 0x7f1c1c46d740 "composite_trigger" s4_tevent: Ending timer event 0x7f1c1c46d740 "composite_trigger" s4_tevent: Added timed event "connect_multi_timer": 0x7f1c1c242c70 s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7f1c1c04d750 s4_tevent: Run immediate event "tevent_req_trigger": 0x7f1c1c04d750 s4_tevent: Destroying timer event 0x7f1c1c242c70 "connect_multi_timer" Socket options: SO_KEEPALIVE = 0 SO_REUSEADDR = 0 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_REUSEPORT = 0 SO_SNDBUF = 2626560 SO_RCVBUF = 1061296 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 TCP_DEFER_ACCEPT = 0 s4_tevent: Added timed event "tevent_req_timedout": 0x7f1c1c2e3430 s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f1c1c2dd3d0 s4_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f1c1c2dd3d0 s4_tevent: Destroying timer event 0x7f1c1c2e3430 "tevent_req_timedout" s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7f1c1c04d600 s4_tevent: Run immediate event "tevent_req_trigger": 0x7f1c1c04d600 Starting GENSEC mechanism spnego Starting GENSEC submechanism gssapi_krb5 Ticket in credentials cache for admin@DEV.EXAMPLE.NET will expire in 84175 secs s4_tevent: Added timed event "tevent_req_timedout": 0x7f1c1c42a450 s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f1c1c2dd3d0 s4_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f1c1c2dd3d0 s4_tevent: Destroying timer event 0x7f1c1c42a450 "tevent_req_timedout" s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7f1c1c2ad220 s4_tevent: Run immediate event "tevent_req_trigger": 0x7f1c1c2ad220 gensec_gssapi: NO credentials were delegated GSSAPI Connection will be cryptographically sealed s4_tevent: Added timed event "tevent_req_timedout": 0x7f1c1c3e7650 signed SMB2 message s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f1c1c2dd3d0 s4_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f1c1c2dd3d0 s4_tevent: Destroying timer event 0x7f1c1c3e7650 "tevent_req_timedout" s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7f1c1c2ad220 s4_tevent: Run immediate event "tevent_req_trigger": 0x7f1c1c2ad220 s4_tevent: Added timed event "tevent_req_timedout": 0x7f1c1c4441c0 signed SMB2 message s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f1c1c2dd3d0 s4_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f1c1c2dd3d0 s4_tevent: Destroying timer event 0x7f1c1c4441c0 "tevent_req_timedout" s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7f1c1c05db70 s4_tevent: Run immediate event "tevent_req_trigger": 0x7f1c1c05db70 s4_tevent: Added timed event "tevent_req_timedout": 0x7f1c1c47fd40 signed SMB2 message s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f1c1c2dd3d0 s4_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f1c1c2dd3d0 s4_tevent: Destroying timer event 0x7f1c1c47fd40 "tevent_req_timedout" s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7f1c1cb553c0 s4_tevent: Run immediate event "tevent_req_trigger": 0x7f1c1cb553c0 s4_tevent: Destroying timer event 0x7f1c1c0ff6b0 "dcerpc_connect_timeout_handler" [Sun May 01 13:53:05.420066 2016] [:error] [pid 6995] ipa: INFO: [jsonserver_session] admin@DEV.EXAMPLE.NET: trust_add(u'examplemedia.net', trust_type=u'ad', realm_admin=u'Administrator', realm_passwd=u'********', all=False, raw=False, version=u'2.156'): RemoteRetrieveError <div><div> </div><div> </div><div style="font-size: 12px;font-family: Arial Narrow;padding:2px 0 2px 0;">------------------ Original ------------------</div><div style="font-size: 12px;background:#efefef;padding:8px;"><div>From: "Alexander Bokovoy";<abokovoy@redhat.com>;</div><div>Date: Sun, May 1, 2016 09:40 PM</div><div>To: "Matrix"<matrix.zj@qq.com>; </div><div>Cc: "freeipa-users"<freeipa-users@redhat.com>; </div><div>Subject: Re: [Freeipa-users] AD Trust failed with 'CIFS server configurationdoes not allow access to \\pipe\lsarpc'</div></div><div> </div>On Sun, 01 May 2016, Matrix wrote: >Hi, list > >I am trying to setup an integration env between IPA and AD Window 2012 R2. > >Below error occurred while running "# echo 'RedHat1!' | ipa trust-add --type=ad examplemedia.net --admin Administrator --password" > ># echo 'RedHat1!' | ipa trust-add --type=ad examplemedia.net --admin Administrator --password >ipa: ERROR: CIFS server configuration does not allow access to \\pipe\lsarpc > > >IPA / Samba Version, I am running with: > >ipa-server-4.2.0-15.el7.x86_64 >samba-4.2.3-12.el7_2.x86_64 > ># tailf /var/log/httpd/error_log >[Sun May 01 08:27:17.493412 2016] [:error] [pid 32267] ipa: INFO: [jsonserver_session] admin@DEV.EXAMPLE.NET: trust_add(u'examplemedia.net', trust_type=u'ad', realm_admin=u'Administrator', realm_passwd=u'********', all=False, raw=False, version=u'2.156'): RemoteRetrieveError >[Sun May 01 08:35:00.600654 2016] [:error] [pid 32266] ipa: INFO: [jsonserver_session] admin@DEV.EXAMPLE.NET: trust_add(u'examplemedia.net', trust_type=u'ad', realm_admin=u'Administrator', realm_passwd=u'********', all=False, raw=False, version=u'2.156'): RemoteRetrieveError > >I have also tried latest ipa-server version shipped by RHEL. the same error occurred. > >It ssems that https://bugzilla.redhat.com/show_bug.cgi?id=1249455 did not fixed it. Add 'log level = 100' to /usr/share/ipa/smb.conf.empty and re-try 'ipa trust-add'. You'll get more detailed debugging output in error_log. -- / Alexander Bokovoy</div>