[Freeipa-users] problems with trust with AD (2 different domains

Natxo Asenjo natxo.asenjo at gmail.com
Fri Apr 19 09:03:02 UTC 2013 

hi,

while following the instructions in
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/trust-diff-dns-domains.html

I run step 9:

smbclient -L kdc.ipa.asenjo.nx -k
lp_load_ex: changing to config backend registry
Connection to kdc.ipa.asenjo.nx failed (Error NT_STATUS_CONNECTION_REFUSED)

I have a valid ticket:

# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin at IPA.ASENJO.NX

Valid starting     Expires            Service principal
04/19/13 08:46:48  04/20/13 08:46:48  krbtgt/IPA.ASENJO.NX at IPA.ASENJO.NX
04/19/13 08:56:59  04/20/13 08:46:48  HTTP/kdc.ipa.asenjo.nx at IPA.ASENJO.NX

and I see this on the /var/log/messages:

Apr 19 10:54:06 kdc winbindd[6379]: [2013/04/19 10:54:06.497215,  0]
ipa_sam.c:3689(bind_callback_cleanup)
Apr 19 10:54:06 kdc winbindd[6379]:   kerberos error: code=-1765328203,
message=Keytab contains no suitable keys for cifs/kdc at IPA.ASENJO.NX
Apr 19 10:54:06 kdc winbindd[6379]: [2013/04/19 10:54:06.498194,  0]
../source3/lib/smbldap.c:998(smbldap_connect_system)
Apr 19 10:54:06 kdc winbindd[6379]:   failed to bind to server
ldapi://%2fvar%2frun%2fslapd-IPA-ASENJO-NX.socket with dn="[Anonymous
bind]" Error: Local error
Apr 19 10:54:06 kdc winbindd[6379]:   #011(unknown)
Apr 19 10:54:07 kdc winbindd[6379]: [2013/04/19 10:54:07.500882,  0]
ipa_sam.c:3689(bind_callback_cleanup)
Apr 19 10:54:07 kdc winbindd[6379]:   kerberos error: code=-1765328203,
message=Keytab contains no suitable keys for cifs/kdc at IPA.ASENJO.NX

and shortly afterwards winbindd dumps core:

Apr 19 10:59:22 kdc winbindd[6568]: [2013/04/19 10:59:22.625708,  0]
ipa_sam.c:4001(pdb_init_ipasam)
Apr 19 10:59:22 kdc winbindd[6568]:   Failed to get base DN.
Apr 19 10:59:22 kdc winbindd[6568]: [2013/04/19 10:59:22.625837,  0]
../source3/passdb/pdb_interface.c:177(make_pdb_method_name)
Apr 19 10:59:22 kdc winbindd[6568]:   pdb backend
ipasam:ldapi://%2fvar%2frun%2fslapd-IPA-ASENJO-NX.socket did not correctly
init (error was NT_STATUS_UNSUCCESSFUL)
Apr 19 10:59:22 kdc winbindd[6568]: [2013/04/19 10:59:22.626032,  0]
../source3/lib/util.c:810(smb_panic_s3)
Apr 19 10:59:22 kdc winbindd[6568]:   PANIC (pid 6568): pdb_get_methods:
failed to get pdb methods for backend
ipasam:ldapi://%2fvar%2frun%2fslapd-IPA-ASENJO-NX.socket
Apr 19 10:59:22 kdc winbindd[6568]:
Apr 19 10:59:22 kdc winbindd[6568]: [2013/04/19 10:59:22.627382,  0]
../source3/lib/util.c:921(log_stack_trace)
Apr 19 10:59:22 kdc winbindd[6568]:   BACKTRACE: 27 stack frames:
Apr 19 10:59:22 kdc winbindd[6568]:    #0
/usr/lib/libsmbconf.so.0(log_stack_trace+0x2e) [0x4e69de]
Apr 19 10:59:22 kdc winbindd[6568]:    #1
/usr/lib/libsmbconf.so.0(smb_panic_s3+0x32) [0x4e6b02]
Apr 19 10:59:22 kdc winbindd[6568]:    #2
/usr/lib/libsamba-util.so.0(smb_panic+0x20b) [0x7faf6b]
Apr 19 10:59:22 kdc winbindd[6568]:    #3 /usr/lib/libpdb.so.0(+0x1f884)
[0x2a6884]
Apr 19 10:59:22 kdc winbindd[6568]:    #4
/usr/lib/libpdb.so.0(pdb_capabilities+0xc) [0x2a6d0c]
Apr 19 10:59:22 kdc winbindd[6568]:    #5
winbindd(_lsa_EnumTrustedDomainsEx+0x26) [0x80ee736]
Apr 19 10:59:22 kdc winbindd[6568]:    #6 winbindd() [0x80fb440]
Apr 19 10:59:22 kdc winbindd[6568]:    #7 winbindd() [0x80c7e58]
Apr 19 10:59:22 kdc winbindd[6568]:    #8
/usr/lib/libdcerpc-binding.so.0(dcerpc_binding_handle_raw_call_send+0xaf)
[0x369289f]
Apr 19 10:59:22 kdc winbindd[6568]:    #9
/usr/lib/libdcerpc-binding.so.0(dcerpc_binding_handle_call_send+0x2ac)
[0x3692bac]
Apr 19 10:59:22 kdc winbindd[6568]:    #10
/usr/lib/libdcerpc-binding.so.0(dcerpc_binding_handle_call+0x6a) [0x3692cca]
Apr 19 10:59:22 kdc winbindd[6568]:    #11
/usr/lib/samba/libdcerpc-samba.so(dcerpc_lsa_EnumTrustedDomainsEx_r+0x55)
[0x3716165]
Apr 19 10:59:22 kdc winbindd[6568]:    #12
/usr/lib/samba/libdcerpc-samba.so(dcerpc_lsa_EnumTrustedDomainsEx+0x50)
[0x37161d0]
Apr 19 10:59:22 kdc winbindd[6568]:    #13
winbindd(rpc_trusted_domains+0xa3) [0x808edb3]
Apr 19 10:59:22 kdc winbindd[6568]:    #14 winbindd() [0x809662a]
Apr 19 10:59:22 kdc winbindd[6568]:    #15 winbindd() [0x8076d5c]
Apr 19 10:59:22 kdc winbindd[6568]:    #16
winbindd(winbindd_dual_list_trusted_domains+0x51) [0x80844b1]
Apr 19 10:59:22 kdc winbindd[6568]:    #17 winbindd() [0x809c4fc]
Apr 19 10:59:22 kdc winbindd[6568]:    #18 winbindd() [0x809d19d]
Apr 19 10:59:22 kdc winbindd[6568]:    #19 /usr/lib/libtevent.so.0()
[0xda9d15]
Apr 19 10:59:22 kdc winbindd[6568]:    #20
/usr/lib/libtevent.so.0(tevent_common_loop_immediate+0xef) [0xda987f]
Apr 19 10:59:22 kdc winbindd[6568]:    #21
/usr/lib/libsmbconf.so.0(run_events_poll+0x41) [0x4ff9a1]
Apr 19 10:59:22 kdc winbindd[6568]:    #22
/usr/lib/libsmbconf.so.0(+0x36186) [0x500186]
Apr 19 10:59:22 kdc winbindd[6568]:    #23
/usr/lib/libtevent.so.0(_tevent_loop_once+0x98) [0xda8c18]
Apr 19 10:59:22 kdc winbindd[6568]:    #24 winbindd(main+0x973) [0x806ddd3]
Apr 19 10:59:22 kdc winbindd[6568]:    #25
/lib/libc.so.6(__libc_start_main+0xe6) [0xe13ce6]
Apr 19 10:59:22 kdc winbindd[6568]:    #26 winbindd() [0x8060271]
Apr 19 10:59:22 kdc winbindd[6568]: [2013/04/19 10:59:22.630601,  0]
../source3/lib/dumpcore.c:317(dump_core)
Apr 19 10:59:22 kdc winbindd[6568]:   dumping core in
/var/log/samba/cores/winbindd
Apr 19 10:59:22 kdc winbindd[6568]:
Apr 19 10:59:22 kdc abrtd: Directory 'ccpp-2013-04-19-10:59:22-6568'
creation detected
Apr 19 10:59:22 kdc abrt[6571]: Saved core dump of pid 6568
(/usr/sbin/winbindd) to /var/spool/abrt/ccpp-2013-04-19-10:59:22-6568
(1814528 bytes)


--
Groeten,
natxo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130419/0c5e0ccd/attachment.htm>

More information about the Freeipa-users mailing list