<div dir="ltr"><div>Hello Alexander, list,</div><div><br></div>I did get further by specifying --external=true in the ipa trust-add command, it works now for <i>both</i> the Windows and the Samba domain:<div><br></div><div>ipa trust-add <a href="http://office.rdmedia.com" target="_blank">office.rdmedia.com</a> --type=ad --admin Administrator --password --two-way=false --external=true<br></div><div><br></div><div>IPA reports the trust is established successfully and I can also see it in Active Directory Domains and Trusts. However, adding users/groups to an external group fails:</div><div><br></div><div><div>[root@ipa-ams-01 tiemen]# ipa group-add-member office_admins_external --external "OFFICE\domain admins"</div><div>[member user]: </div><div>[member group]: </div><div> Group name: office_admins_external</div><div> Description: <a href="http://office.rdmedia.com" target="_blank">office.rdmedia.com</a> admins external map</div><div> Failed members: </div><div> member user: </div><div> member group: <b>OFFICE\domain admins: trusted domain object not found</b></div><div>-------------------------</div><div>Number of members added 0</div><div>-------------------------</div></div><div><br></div><div>Of course that group exists on the Samba DC:<br></div><div><br></div><div>[root@fluorine samba]# wbinfo -g<br></div><div><div>OFFICE\cert publishers</div><div>OFFICE\ras and ias servers</div><div>OFFICE\allowed rodc password replication group</div><div>OFFICE\denied rodc password replication group</div><div>OFFICE\dnsadmins</div><div>OFFICE\enterprise read-only domain controllers</div><div>OFFICE\domain admins</div><div>OFFICE\domain users</div><div>OFFICE\domain guests</div><div>OFFICE\domain computers</div><div>OFFICE\domain controllers</div><div>OFFICE\schema admins</div><div>OFFICE\enterprise admins</div><div>OFFICE\group policy creator owners</div><div>OFFICE\read-only domain controllers</div><div>OFFICE\dnsupdateproxy</div></div><div><br></div><div>BTW, adding a two-way trust fails because the AD DC reports it can't contact any IPA server. Firewalls on all servers have been disabled.</div><div><br></div><div>I would appreciate any insights!</div></div><div class="gmail_extra"><br><div class="gmail_quote">On 28 April 2017 at 12:09, Tiemen Ruiten <span dir="ltr"><<a href="mailto:t.ruiten@rdmedia.com" target="_blank">t.ruiten@rdmedia.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hello,<div><br></div><div>I set up a fresh Windows Server 2012R2 instance, configured a new forest named '<a href="http://clients.rdmedia.com" target="_blank">clients.rdmedia.com</a>' and I'm getting the same error in the httpd error_log after running 'ipa trust-add <a href="http://clients.rdmedia.com" target="_blank">clients.rdmedia.com</a> --type=ad --admin=Administrator --password': </div><div><br></div><div><div>[Fri Apr 28 12:05:00.420174 2017] [:error] [pid 26417] ipa: ERROR: non-public: RuntimeError: (-1073741811, 'Unexpected information received')</div><div>[Fri Apr 28 12:05:00.420225 2017] [:error] [pid 26417] Traceback (most recent call last):</div><div>[Fri Apr 28 12:05:00.420230 2017] [:error] [pid 26417] File "/usr/lib/python2.7/site-<wbr>packages/ipaserver/rpcserver.<wbr>py", line 366, in wsgi_execute</div><div>[Fri Apr 28 12:05:00.420235 2017] [:error] [pid 26417] result = command(*args, **options)</div><div>[Fri Apr 28 12:05:00.420239 2017] [:error] [pid 26417] File "/usr/lib/python2.7/site-<wbr>packages/ipalib/frontend.py", line 449, in __call__</div><div>[Fri Apr 28 12:05:00.420243 2017] [:error] [pid 26417] return self.__do_call(*args, **options)</div><div>[Fri Apr 28 12:05:00.420247 2017] [:error] [pid 26417] File "/usr/lib/python2.7/site-<wbr>packages/ipalib/frontend.py", line 477, in __do_call</div><div>[Fri Apr 28 12:05:00.420251 2017] [:error] [pid 26417] ret = self.run(*args, **options)</div><div>[Fri Apr 28 12:05:00.420255 2017] [:error] [pid 26417] File "/usr/lib/python2.7/site-<wbr>packages/ipalib/frontend.py", line 799, in run</div><div>[Fri Apr 28 12:05:00.420258 2017] [:error] [pid 26417] return self.execute(*args, **options)</div><div>[Fri Apr 28 12:05:00.420262 2017] [:error] [pid 26417] File "/usr/lib/python2.7/site-<wbr>packages/ipaserver/plugins/<wbr>trust.py", line 739, in execute</div><div>[Fri Apr 28 12:05:00.420267 2017] [:error] [pid 26417] result = self.execute_ad(full_join, *keys, **options)</div><div>[Fri Apr 28 12:05:00.420297 2017] [:error] [pid 26417] File "/usr/lib/python2.7/site-<wbr>packages/ipaserver/plugins/<wbr>trust.py", line 989, in execute_ad</div><div>[Fri Apr 28 12:05:00.420304 2017] [:error] [pid 26417] trust_type</div><div>[Fri Apr 28 12:05:00.420308 2017] [:error] [pid 26417] File "/usr/lib/python2.7/site-<wbr>packages/ipaserver/dcerpc.py", line 1683, in join_ad_full_credentials</div><div>[Fri Apr 28 12:05:00.420312 2017] [:error] [pid 26417] trust_type, trust_external)</div><div>[Fri Apr 28 12:05:00.420316 2017] [:error] [pid 26417] File "/usr/lib/python2.7/site-<wbr>packages/ipaserver/dcerpc.py", line 1363, in establish_trust</div><div>[Fri Apr 28 12:05:00.420320 2017] [:error] [pid 26417] self.update_ftinfo(another_<wbr>domain)</div><div>[Fri Apr 28 12:05:00.420324 2017] [:error] [pid 26417] File "/usr/lib/python2.7/site-<wbr>packages/ipaserver/dcerpc.py", line 1252, in update_ftinfo</div><div>[Fri Apr 28 12:05:00.420328 2017] [:error] [pid 26417] ftinfo, 0)</div><div>[Fri Apr 28 12:05:00.420331 2017] [:error] [pid 26417] RuntimeError: (-1073741811, 'Unexpected information received')</div><div>[Fri Apr 28 12:05:00.420975 2017] [:error] [pid 26417] ipa: INFO: [jsonserver_session] <a href="mailto:admin@I.RDMEDIA.COM" target="_blank">admin@I.RDMEDIA.COM</a>: trust_add/1(u'<a href="http://clients.rdmedia.com" target="_blank">clients.rdmedia.<wbr>com</a>', trust_type=u'ad', realm_admin=u'Administrator', realm_passwd=u'********', version=u'2.213'): RuntimeError</div></div><div><br></div><div>Am I doing something wrong? Logs are ofcourse available privately on request.</div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On 14 April 2017 at 15:13, Alexander Bokovoy <span dir="ltr"><<a href="mailto:abokovoy@redhat.com" target="_blank">abokovoy@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>On pe, 14 huhti 2017, Tiemen Ruiten wrote:<br> </span><span><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Yes, <a href="http://office.rdmedia.com" rel="noreferrer" target="_blank">office.rdmedia.com</a> is the Samba AD domain.<br> <br> [root@fluorine samba]# samba-tool domain trust list<br> Type[Forest] Transitive[Yes] Direction[INCOMING] Name[<a href="http://i.rdmedia.com" rel="noreferrer" target="_blank">i.rdmedia.com</a>]<br> [root@fluorine samba]# samba-tool domain trust show <a href="http://i.rdmedia.com" rel="noreferrer" target="_blank">i.rdmedia.com</a><br> LocalDomain Netbios[OFFICE] DNS[<a href="http://office.rdmedia.com" rel="noreferrer" target="_blank">office.rdmedia.com</a>]<br> SID[S-1-5-21-482924559-3201240<wbr>232-3198541477]<br> TrusteDomain:<br> <br> NetbiosName: IPA<br> DnsName: <a href="http://i.rdmedia.com" rel="noreferrer" target="_blank">i.rdmedia.com</a><br> SID: S-1-5-21-3716778977-2487905546<wbr>-4034507762<br> Type: 0x2 (UPLEVEL)<br> Direction: 0x1 (INBOUND)<br> Attributes: 0x8 (FOREST_TRANSITIVE)<br> PosixOffset: 0x00000000 (0)<br> kerb_EncTypes: 0x1c<br> (RC4_HMAC_MD5,AES128_CTS_HMAC_<wbr>SHA1_96,AES256_CTS_HMAC_SHA1_9<wbr>6)<br> Namespaces[0] TDO[<a href="http://i.rdmedia.com" rel="noreferrer" target="_blank">i.rdmedia.com</a>]:<br> </blockquote></span> Ok, thanks. I'll look into this part of Samba code later, after Easter.<div class="m_-4599915225421893340HOEnZb"><div class="m_-4599915225421893340h5"><br> <br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <br> <br> On 14 April 2017 at 14:07, Alexander Bokovoy <<a href="mailto:abokovoy@redhat.com" target="_blank">abokovoy@redhat.com</a>> wrote:<br> <br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> On pe, 14 huhti 2017, Tiemen Ruiten wrote:<br> <br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Hello Alexander,<br> <br> That's strange, when I try to setup a trust with a domain that isn't a<br> subdomain of FreeIPA, I get the same error. I reran:<br> <br> ipa-adtrust-install --netbios-name=IPA<br> <br> and then ran:<br> <br> ipa trust-add --type=ad <a href="http://office.rdmedia.com" rel="noreferrer" target="_blank">office.rdmedia.com</a> --admin Administrator<br> --password<br> <br> </blockquote> <a href="http://office.rdmedia.com" rel="noreferrer" target="_blank">office.rdmedia.com</a> is Samba AD?<br> <br> Then please show output of<br> <br> samba-tool domain trust list<br> <br> and for each domain name in the output above show<br> <br> samba-tool domain trust show <name><br> <br> <br> <br> <br> <br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Last bit of the error_log:<br> <br> rpc reply data:<br> [0000] 00 00 00 00 ....<br> lsa_lsaRSetForestTrustInformat<wbr>ion: struct<br> lsa_lsaRSetForestTrustInformat<wbr>ion<br> in: struct lsa_lsaRSetForestTrustInformat<wbr>ion<br> handle : *<br> handle: struct policy_handle<br> handle_type : 0x00000000 (0)<br> uuid :<br> 43cfa5e6-c10a-49a5-9b75-f7284e<wbr>e44aac<br> trusted_domain_name : *<br> trusted_domain_name: struct lsa_StringLarge<br> length : 0x001a (26)<br> size : 0x001c (28)<br> string : *<br> string : '<a href="http://i.rdmedia.com" rel="noreferrer" target="_blank">i.rdmedia.com</a>'<br> highest_record_type : LSA_FOREST_TRUST_DOMAIN_INFO (2)<br> forest_trust_info : *<br> forest_trust_info: struct lsa_ForestTrustInformation<br> count : 0x00000004 (4)<br> entries : *<br> entries: ARRAY(4)<br> entries : *<br> entries: struct lsa_ForestTrustRecord<br> flags : 0x00000000<br> (0)<br> 0: LSA_TLN_DISABLED_NEW<br> 0: LSA_TLN_DISABLED_ADMIN<br> 0: LSA_TLN_DISABLED_CONFLICT<br> 0: LSA_SID_DISABLED_ADMIN<br> 0: LSA_SID_DISABLED_CONFLICT<br> 0: LSA_NB_DISABLED_ADMIN<br> 0: LSA_NB_DISABLED_CONFLICT<br> type :<br> LSA_FOREST_TRUST_TOP_LEVEL_NAM<wbr>E (0)<br> time : Mon Apr 10<br> 08:43:18 2017 CEST<br> forest_trust_data : union<br> lsa_ForestTrustData(case 0)<br> top_level_name: struct lsa_StringLarge<br> length : 0x002c<br> (44)<br> size : 0x002e<br> (46)<br> string : *<br> string : '<br> <a href="http://test.ams.i.rdmedia.com" rel="noreferrer" target="_blank">test.ams.i.rdmedia.com</a>'<br> entries : *<br> entries: struct lsa_ForestTrustRecord<br> flags : 0x00000000<br> (0)<br> 0: LSA_TLN_DISABLED_NEW<br> 0: LSA_TLN_DISABLED_ADMIN<br> 0: LSA_TLN_DISABLED_CONFLICT<br> 0: LSA_SID_DISABLED_ADMIN<br> 0: LSA_SID_DISABLED_CONFLICT<br> 0: LSA_NB_DISABLED_ADMIN<br> 0: LSA_NB_DISABLED_CONFLICT<br> type :<br> LSA_FOREST_TRUST_TOP_LEVEL_NAM<wbr>E (0)<br> time : Mon Apr 10<br> 08:43:18 2017 CEST<br> forest_trust_data : union<br> lsa_ForestTrustData(case 0)<br> top_level_name: struct lsa_StringLarge<br> length : 0x002c<br> (44)<br> size : 0x002e<br> (46)<br> string : *<br> string : '<br> <a href="http://prod.ams.i.rdmedia.com" rel="noreferrer" target="_blank">prod.ams.i.rdmedia.com</a>'<br> entries : *<br> entries: struct lsa_ForestTrustRecord<br> flags : 0x00000000<br> (0)<br> 0: LSA_TLN_DISABLED_NEW<br> 0: LSA_TLN_DISABLED_ADMIN<br> 0: LSA_TLN_DISABLED_CONFLICT<br> 0: LSA_SID_DISABLED_ADMIN<br> 0: LSA_SID_DISABLED_CONFLICT<br> 0: LSA_NB_DISABLED_ADMIN<br> 0: LSA_NB_DISABLED_CONFLICT<br> type :<br> LSA_FOREST_TRUST_TOP_LEVEL_NAM<wbr>E (0)<br> time : Mon Apr 10<br> 08:43:18 2017 CEST<br> forest_trust_data : union<br> lsa_ForestTrustData(case 0)<br> top_level_name: struct lsa_StringLarge<br> length : 0x001a<br> (26)<br> size : 0x001c<br> (28)<br> string : *<br> string : '<br> <a href="http://i.rdmedia.com" rel="noreferrer" target="_blank">i.rdmedia.com</a>'<br> entries : *<br> entries: struct lsa_ForestTrustRecord<br> flags : 0x00000000<br> (0)<br> 0: LSA_TLN_DISABLED_NEW<br> 0: LSA_TLN_DISABLED_ADMIN<br> 0: LSA_TLN_DISABLED_CONFLICT<br> 0: LSA_SID_DISABLED_ADMIN<br> 0: LSA_SID_DISABLED_CONFLICT<br> 0: LSA_NB_DISABLED_ADMIN<br> 0: LSA_NB_DISABLED_CONFLICT<br> type :<br> LSA_FOREST_TRUST_TOP_LEVEL_NAM<wbr>E (0)<br> time : Mon Apr 10<br> 08:43:18 2017 CEST<br> forest_trust_data : union<br> lsa_ForestTrustData(case 0)<br> top_level_name: struct lsa_StringLarge<br> length : 0x002c<br> (44)<br> size : 0x002e<br> (46)<br> string : *<br> string : '<br> <a href="http://prod.nyc.i.rdmedia.com" rel="noreferrer" target="_blank">prod.nyc.i.rdmedia.com</a>'<br> check_only : 0x00 (0)<br> rpc request data:<br> [0000] 00 00 00 00 E6 A5 CF 43 0A C1 A5 49 9B 75 F7 28 .......C<br> ...I.u.(<br> [0010] 4E E4 4A AC 1A 00 1C 00 00 00 02 00 0E 00 00 00 N.J.....<br> ........<br> [0020] 00 00 00 00 0D 00 00 00 69 00 2E 00 72 00 64 00 ........<br> i...r.d.<br> [0030] 6D 00 65 00 64 00 69 00 61 00 2E 00 63 00 6F 00 m.e.d.i.<br> a...c.o.<br> [0040] 6D 00 02 00 04 00 00 00 04 00 02 00 04 00 00 00 m.......<br> ........<br> [0050] 08 00 02 00 0C 00 02 00 10 00 02 00 14 00 02 00 ........<br> ........<br> [0060] 00 00 00 00 00 00 00 00 00 C7 B7 BC C5 B1 D2 01 ........<br> ........<br> [0070] 00 00 00 00 2C 00 2E 00 18 00 02 00 17 00 00 00 ....,...<br> ........<br> [0080] 00 00 00 00 16 00 00 00 74 00 65 00 73 00 74 00 ........<br> t.e.s.t.<br> [0090] 2E 00 61 00 6D 00 73 00 2E 00 69 00 2E 00 72 00 ..a.m.s.<br> ..i...r.<br> [00A0] 64 00 6D 00 65 00 64 00 69 00 61 00 2E 00 63 00 d.m.e.d.<br> i.a...c.<br> [00B0] 6F 00 6D 00 00 00 00 00 00 00 00 00 00 00 00 00 o.m.....<br> ........<br> [00C0] 00 C7 B7 BC C5 B1 D2 01 00 00 00 00 2C 00 2E 00 ........<br> ....,...<br> [00D0] 1C 00 02 00 17 00 00 00 00 00 00 00 16 00 00 00 ........<br> ........<br> [00E0] 70 00 72 00 6F 00 64 00 2E 00 61 00 6D 00 73 00 p.r.o.d.<br> ..a.m.s.<br> [00F0] 2E 00 69 00 2E 00 72 00 64 00 6D 00 65 00 64 00 ..i...r.<br> d.m.e.d.<br> [0100] 69 00 61 00 2E 00 63 00 6F 00 6D 00 00 00 00 00 i.a...c.<br> o.m.....<br> [0110] 00 00 00 00 00 00 00 00 00 C7 B7 BC C5 B1 D2 01 ........<br> ........<br> [0120] 00 00 00 00 1A 00 1C 00 20 00 02 00 0E 00 00 00 ........<br> .......<br> [0130] 00 00 00 00 0D 00 00 00 69 00 2E 00 72 00 64 00 ........<br> i...r.d.<br> [0140] 6D 00 65 00 64 00 69 00 61 00 2E 00 63 00 6F 00 m.e.d.i.<br> a...c.o.<br> [0150] 6D 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 m.......<br> ........<br> [0160] 00 C7 B7 BC C5 B1 D2 01 00 00 00 00 2C 00 2E 00 ........<br> ....,...<br> [0170] 24 00 02 00 17 00 00 00 00 00 00 00 16 00 00 00 $.......<br> ........<br> [0180] 70 00 72 00 6F 00 64 00 2E 00 6E 00 79 00 63 00 p.r.o.d.<br> ..n.y.c.<br> [0190] 2E 00 69 00 2E 00 72 00 64 00 6D 00 65 00 64 00 ..i...r.<br> d.m.e.d.<br> [01A0] 69 00 61 00 2E 00 63 00 6F 00 6D 00 00 i.a...c. o.m..<br> signed SMB2 message<br> lsa_lsaRSetForestTrustInformat<wbr>ion: struct<br> lsa_lsaRSetForestTrustInformat<wbr>ion<br> out: struct lsa_lsaRSetForestTrustInformat<wbr>ion<br> collision_info : *<br> collision_info : NULL<br> result : NT_STATUS_INVALID_PARAMETER<br> rpc reply data:<br> [0000] 00 00 00 00 0D 00 00 C0 ........<br> [Fri Apr 14 13:05:15.626311 2017] [:error] [pid 22596] ipa: ERROR:<br> non-public: RuntimeError: (-1073741811, 'Unexpected information received')<br> [Fri Apr 14 13:05:15.626384 2017] [:error] [pid 22596] Traceback (most<br> recent call last):<br> [Fri Apr 14 13:05:15.626392 2017] [:error] [pid 22596] File<br> "/usr/lib/python2.7/site-packa<wbr>ges/ipaserver/rpcserver.py", line 366, in<br> wsgi_execute<br> [Fri Apr 14 13:05:15.626399 2017] [:error] [pid 22596] result =<br> command(*args, **options)<br> [Fri Apr 14 13:05:15.626405 2017] [:error] [pid 22596] File<br> "/usr/lib/python2.7/site-packa<wbr>ges/ipalib/frontend.py", line 449, in<br> __call__<br> [Fri Apr 14 13:05:15.626416 2017] [:error] [pid 22596] return<br> self.__do_call(*args, **options)<br> [Fri Apr 14 13:05:15.626422 2017] [:error] [pid 22596] File<br> "/usr/lib/python2.7/site-packa<wbr>ges/ipalib/frontend.py", line 477, in<br> __do_call<br> [Fri Apr 14 13:05:15.626428 2017] [:error] [pid 22596] ret =<br> self.run(*args, **options)<br> [Fri Apr 14 13:05:15.626434 2017] [:error] [pid 22596] File<br> "/usr/lib/python2.7/site-packa<wbr>ges/ipalib/frontend.py", line 799, in run<br> [Fri Apr 14 13:05:15.626439 2017] [:error] [pid 22596] return<br> self.execute(*args, **options)<br> [Fri Apr 14 13:05:15.626445 2017] [:error] [pid 22596] File<br> "/usr/lib/python2.7/site-packa<wbr>ges/ipaserver/plugins/trust.py<wbr>", line 739,<br> in<br> execute<br> [Fri Apr 14 13:05:15.626451 2017] [:error] [pid 22596] result =<br> self.execute_ad(full_join, *keys, **options)<br> [Fri Apr 14 13:05:15.626457 2017] [:error] [pid 22596] File<br> "/usr/lib/python2.7/site-packa<wbr>ges/ipaserver/plugins/trust.py<wbr>", line 989,<br> in<br> execute_ad<br> [Fri Apr 14 13:05:15.626463 2017] [:error] [pid 22596] trust_type<br> [Fri Apr 14 13:05:15.626468 2017] [:error] [pid 22596] File<br> "/usr/lib/python2.7/site-packa<wbr>ges/ipaserver/dcerpc.py", line 1683, in<br> join_ad_full_credentials<br> [Fri Apr 14 13:05:15.626474 2017] [:error] [pid 22596] trust_type,<br> trust_external)<br> [Fri Apr 14 13:05:15.626479 2017] [:error] [pid 22596] File<br> "/usr/lib/python2.7/site-packa<wbr>ges/ipaserver/dcerpc.py", line 1363, in<br> establish_trust<br> [Fri Apr 14 13:05:15.626485 2017] [:error] [pid 22596]<br> self.update_ftinfo(another_dom<wbr>ain)<br> [Fri Apr 14 13:05:15.626490 2017] [:error] [pid 22596] File<br> "/usr/lib/python2.7/site-packa<wbr>ges/ipaserver/dcerpc.py", line 1252, in<br> update_ftinfo<br> [Fri Apr 14 13:05:15.626495 2017] [:error] [pid 22596] ftinfo, 0)<br> [Fri Apr 14 13:05:15.626500 2017] [:error] [pid 22596] RuntimeError:<br> (-1073741811, 'Unexpected information received')<br> [Fri Apr 14 13:05:15.627265 2017] [:error] [pid 22596] ipa: INFO:<br> [jsonserver_session] <a href="mailto:admin@I.RDMEDIA.COM" target="_blank">admin@I.RDMEDIA.COM</a>: trust_add/1(u'office.rdmedia.c<br> om',<br> trust_type=u'ad', realm_admin=u'Administrator', realm_passwd=u'********',<br> version=u'2.213'): RuntimeError<br> <br> <br> <br> On 14 April 2017 at 10:23, Alexander Bokovoy <<a href="mailto:abokovoy@redhat.com" target="_blank">abokovoy@redhat.com</a>> wrote:<br> <br> On to, 13 huhti 2017, Alexander Bokovoy wrote:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <br> On Thu, 13 Apr 2017, Tiemen Ruiten wrote:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <br> Excerpt from the httpd error_log on the FreeIPA replica:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <br> [Thu Apr 13 11:17:44.<a href="tel:072996%202017" value="+31729962017" target="_blank">072996 2017</a>] [:error] [pid 28346] ipa: INFO:<br> [jsonserver_kerb] <a href="mailto:admin@I.RDMEDIA.COM" target="_blank">admin@I.RDMEDIA.COM</a>: ping(): SUCCESS<br> [Thu Apr 13 11:17:50.708019 2017] [:error] [pid 28347] ipa: ERROR:<br> non-public: RuntimeError: (-1073741811, 'Unexpected information<br> received')<br> <br> Please add 'log level = 10' to /usr/share/ipa/smb.conf.empty and re-try<br> </blockquote> 'ipa trust-add', then send me resulting error_log privately.<br> <br> To get back to the public mailing list, Tiemen sent me logs and I<br> </blockquote> confirm that this is the same as <a href="https://bugzilla.redhat.com/sh" rel="noreferrer" target="_blank">https://bugzilla.redhat.com/sh</a><br> ow_bug.cgi?id=1421869<br> <br> We currently have no solution to this problem (AD is subdomain of IPA<br> domain).<br> <br> --<br> / Alexander Bokovoy<br> <br> <br> </blockquote> <br> <br> --<br> Tiemen Ruiten<br> Systems Engineer<br> R&D Media<br> <br> </blockquote> <br> --<br> / Alexander Bokovoy<br> <br> </blockquote> <br> <br> <br> -- <br> Tiemen Ruiten<br> Systems Engineer<br> R&D Media<br> </blockquote> <br></div></div><span class="m_-4599915225421893340HOEnZb"><font color="#888888"> -- <br> / Alexander Bokovoy<br> </font></span></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="m_-4599915225421893340gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">Tiemen Ruiten<br>Systems Engineer<br>R&D Media<br></div></div> </div> </div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">Tiemen Ruiten<br>Systems Engineer<br>R&D Media<br></div></div> </div>