[Freeipa-users] testing AD trust on Fedora 18

John Dennis jdennis at redhat.com
Tue Dec 18 20:56:27 UTC 2012


On 12/18/2012 03:30 PM, Sumit Bose wrote:
> On Tue, Dec 18, 2012 at 03:16:47PM -0500, John Dennis wrote:
>> On 12/18/2012 01:26 PM, Andre Rodrigues wrote:
>>> Hi all,
>>> I'm testing AD trust following this how to:
>>> http://www.freeipa.org/page/IPAv3_testing_AD_trust
>>> but when I set "ipa dnszone-add" I get this:
>>> [root at m ~] ipa dnszone-add <AD.DOMAIN> --name-server=<AD.NAME
>>> <http://AD.NAME>> --admin-email=<MY.EMAIL> --force --forwarder=<AD.IP>
>>> –forward-policy=only
>>> ipa: ERROR: unable to parse cookie header
>>> 'ipa_session=f963e8e4006fdcd79e1a2a5a989b4d01; Domain=<IPA.DOMAIN>;
>>> Path=/ipa; Expires=Thu, 18 Dec 2012 13:54:33 GMT; Secure; HttpOnly':
>>> unable to parse expires datetime 'Thu, 18 Dec 2012 13:54:33'
>>
>> This is an error message from something I wrote. I can't explain why
>> it can't parse the expires cookie attribute because using the value
>> cited in the error message it parses just fine. The only thing I can
>> think of is that the time module was not imported in cookie.py, but
>> in my copy of the file it is imported.
>>
>> However one thing I did immediately notice, the cookie has
>> Domain=<IPA.DOMAIN>, that's not valid, it's supposed to be a FQDN.
>> What is the value of xmlrpc_uri in your /etc/ipa/default.conf?
>>
>>>
>>> and when I set "ipa trust-add" I get the following error:
>>> [root at m ~] ipa trust-add --type=ad <AD.DOMAIN> --admin Adminstrator
>>> --password
>>> Active directory domain administrator's password:
>>> ipa: ERROR: unable to parse cookie header
>>> 'ipa_session=7d6aeb2c92ff3197a9d3c04421f6ba15; Domain=<IPA.DOMAIN>;
>>> Path=/ipa; Expires=Tue, 18 Dec 2012 18:32:05 GMT; Secure; HttpOnly':
>>> unable to parse expires datetime 'Tue, 18 Dec 2012 18:32:05'
>>
>> Sorry, someone else will have to help you with the below:
>
> I guess this error message is just triggered by the cookie error.

In theory, no. The inability to process a cookie should do nothing other 
than log the fact; everything else should proceed as normal (without 
cookies you just get slower performance, but it should continue to work).

However, the values in the cookie show something is very wrong with the 
configuration.

Please provide the contents of /etc/ipa/default.conf.

Do you have a .ipa/default.conf file set? If so that overrides the 
values in /etc/ipa/default.conf. If you have that as well please provide 
that as well.

Adding verbose debugging information will help. Add the -d option to the 
ipa command to turn on debug level information and capture the output. 
Those messages will help us diagnose the problem.

>
> bye,
> Sumit
>
>>
>>> ipa: ERROR: Cannot perform join operation without Samba 4 support installed.
>>>                                Make sure you have installed
>>> server-trust-ad sub-package of IPA
>>>
>>> but I have the server-trust-ad installed:--


-- 
John Dennis <jdennis at redhat.com>
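
Added example (not part of the original message, and not FreeIPA's cookie.py): a Set-Cookie parser with the behaviour described above, where an unparseable Expires is logged and the rest of the cookie is still used. It parses the date with email.utils, which does not depend on the process locale; the function names and the logger name are assumptions made for this example.

```python
import logging
from email.utils import parsedate_to_datetime

log = logging.getLogger("cookie_example")  # hypothetical logger name

# Constructed from the header quoted in the thread; the Domain value is the
# poster's redaction placeholder, kept as-is.
SAMPLE = ("ipa_session=7d6aeb2c92ff3197a9d3c04421f6ba15; Domain=<IPA.DOMAIN>; "
          "Path=/ipa; Expires=Tue, 18 Dec 2012 18:32:05 GMT; Secure; HttpOnly")


def parse_expires(value):
    """Parse an RFC 1123 date without consulting LC_TIME.

    time.strptime() with %a/%b matches day and month names in the current
    locale; email.utils uses a fixed English table instead.
    """
    try:
        return parsedate_to_datetime(value)
    except (TypeError, ValueError):  # exception type differs by Python version
        return None


def parse_set_cookie(header):
    """Return (name, value, attrs). A bad Expires is logged, never raised."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if not part:
            continue
        key, sep, val = part.partition("=")
        key = key.strip().lower()
        if not sep:                      # flag attributes: Secure, HttpOnly
            attrs[key] = True
        elif key == "expires":
            attrs[key] = parse_expires(val.strip())
            if attrs[key] is None:
                log.warning("ignoring unparseable Expires %r", val)
        else:
            attrs[key] = val.strip()
    return name.strip(), value.strip(), attrs
```

A caller should treat an "expires" value of None as a session cookie rather than rejecting the response.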
