[Freeipa-users] problems with trust with AD (2 different domains
Natxo Asenjo
natxo.asenjo at gmail.com
Fri Apr 19 09:03:02 UTC 2013
hi,
while following the instructions in
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/trust-diff-dns-domains.html
I run step 9:
smbclient -L kdc.ipa.asenjo.nx -k
lp_load_ex: changing to config backend registry
Connection to kdc.ipa.asenjo.nx failed (Error NT_STATUS_CONNECTION_REFUSED)
I have a valid ticket:
# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin at IPA.ASENJO.NX
Valid starting Expires Service principal
04/19/13 08:46:48 04/20/13 08:46:48 krbtgt/IPA.ASENJO.NX at IPA.ASENJO.NX
04/19/13 08:56:59 04/20/13 08:46:48 HTTP/kdc.ipa.asenjo.nx at IPA.ASENJO.NX
and I see this on the /var/log/messages:
Apr 19 10:54:06 kdc winbindd[6379]: [2013/04/19 10:54:06.497215, 0]
ipa_sam.c:3689(bind_callback_cleanup)
Apr 19 10:54:06 kdc winbindd[6379]: kerberos error: code=-1765328203,
message=Keytab contains no suitable keys for cifs/kdc at IPA.ASENJO.NX
Apr 19 10:54:06 kdc winbindd[6379]: [2013/04/19 10:54:06.498194, 0]
../source3/lib/smbldap.c:998(smbldap_connect_system)
Apr 19 10:54:06 kdc winbindd[6379]: failed to bind to server
ldapi://%2fvar%2frun%2fslapd-IPA-ASENJO-NX.socket with dn="[Anonymous
bind]" Error: Local error
Apr 19 10:54:06 kdc winbindd[6379]: #011(unknown)
Apr 19 10:54:07 kdc winbindd[6379]: [2013/04/19 10:54:07.500882, 0]
ipa_sam.c:3689(bind_callback_cleanup)
Apr 19 10:54:07 kdc winbindd[6379]: kerberos error: code=-1765328203,
message=Keytab contains no suitable keys for cifs/kdc at IPA.ASENJO.NX
and shortly afterwards winbindd dumps core:
Apr 19 10:59:22 kdc winbindd[6568]: [2013/04/19 10:59:22.625708, 0]
ipa_sam.c:4001(pdb_init_ipasam)
Apr 19 10:59:22 kdc winbindd[6568]: Failed to get base DN.
Apr 19 10:59:22 kdc winbindd[6568]: [2013/04/19 10:59:22.625837, 0]
../source3/passdb/pdb_interface.c:177(make_pdb_method_name)
Apr 19 10:59:22 kdc winbindd[6568]: pdb backend
ipasam:ldapi://%2fvar%2frun%2fslapd-IPA-ASENJO-NX.socket did not correctly
init (error was NT_STATUS_UNSUCCESSFUL)
Apr 19 10:59:22 kdc winbindd[6568]: [2013/04/19 10:59:22.626032, 0]
../source3/lib/util.c:810(smb_panic_s3)
Apr 19 10:59:22 kdc winbindd[6568]: PANIC (pid 6568): pdb_get_methods:
failed to get pdb methods for backend
ipasam:ldapi://%2fvar%2frun%2fslapd-IPA-ASENJO-NX.socket
Apr 19 10:59:22 kdc winbindd[6568]:
Apr 19 10:59:22 kdc winbindd[6568]: [2013/04/19 10:59:22.627382, 0]
../source3/lib/util.c:921(log_stack_trace)
Apr 19 10:59:22 kdc winbindd[6568]: BACKTRACE: 27 stack frames:
Apr 19 10:59:22 kdc winbindd[6568]: #0
/usr/lib/libsmbconf.so.0(log_stack_trace+0x2e) [0x4e69de]
Apr 19 10:59:22 kdc winbindd[6568]: #1
/usr/lib/libsmbconf.so.0(smb_panic_s3+0x32) [0x4e6b02]
Apr 19 10:59:22 kdc winbindd[6568]: #2
/usr/lib/libsamba-util.so.0(smb_panic+0x20b) [0x7faf6b]
Apr 19 10:59:22 kdc winbindd[6568]: #3 /usr/lib/libpdb.so.0(+0x1f884)
[0x2a6884]
Apr 19 10:59:22 kdc winbindd[6568]: #4
/usr/lib/libpdb.so.0(pdb_capabilities+0xc) [0x2a6d0c]
Apr 19 10:59:22 kdc winbindd[6568]: #5
winbindd(_lsa_EnumTrustedDomainsEx+0x26) [0x80ee736]
Apr 19 10:59:22 kdc winbindd[6568]: #6 winbindd() [0x80fb440]
Apr 19 10:59:22 kdc winbindd[6568]: #7 winbindd() [0x80c7e58]
Apr 19 10:59:22 kdc winbindd[6568]: #8
/usr/lib/libdcerpc-binding.so.0(dcerpc_binding_handle_raw_call_send+0xaf)
[0x369289f]
Apr 19 10:59:22 kdc winbindd[6568]: #9
/usr/lib/libdcerpc-binding.so.0(dcerpc_binding_handle_call_send+0x2ac)
[0x3692bac]
Apr 19 10:59:22 kdc winbindd[6568]: #10
/usr/lib/libdcerpc-binding.so.0(dcerpc_binding_handle_call+0x6a) [0x3692cca]
Apr 19 10:59:22 kdc winbindd[6568]: #11
/usr/lib/samba/libdcerpc-samba.so(dcerpc_lsa_EnumTrustedDomainsEx_r+0x55)
[0x3716165]
Apr 19 10:59:22 kdc winbindd[6568]: #12
/usr/lib/samba/libdcerpc-samba.so(dcerpc_lsa_EnumTrustedDomainsEx+0x50)
[0x37161d0]
Apr 19 10:59:22 kdc winbindd[6568]: #13
winbindd(rpc_trusted_domains+0xa3) [0x808edb3]
Apr 19 10:59:22 kdc winbindd[6568]: #14 winbindd() [0x809662a]
Apr 19 10:59:22 kdc winbindd[6568]: #15 winbindd() [0x8076d5c]
Apr 19 10:59:22 kdc winbindd[6568]: #16
winbindd(winbindd_dual_list_trusted_domains+0x51) [0x80844b1]
Apr 19 10:59:22 kdc winbindd[6568]: #17 winbindd() [0x809c4fc]
Apr 19 10:59:22 kdc winbindd[6568]: #18 winbindd() [0x809d19d]
Apr 19 10:59:22 kdc winbindd[6568]: #19 /usr/lib/libtevent.so.0()
[0xda9d15]
Apr 19 10:59:22 kdc winbindd[6568]: #20
/usr/lib/libtevent.so.0(tevent_common_loop_immediate+0xef) [0xda987f]
Apr 19 10:59:22 kdc winbindd[6568]: #21
/usr/lib/libsmbconf.so.0(run_events_poll+0x41) [0x4ff9a1]
Apr 19 10:59:22 kdc winbindd[6568]: #22
/usr/lib/libsmbconf.so.0(+0x36186) [0x500186]
Apr 19 10:59:22 kdc winbindd[6568]: #23
/usr/lib/libtevent.so.0(_tevent_loop_once+0x98) [0xda8c18]
Apr 19 10:59:22 kdc winbindd[6568]: #24 winbindd(main+0x973) [0x806ddd3]
Apr 19 10:59:22 kdc winbindd[6568]: #25
/lib/libc.so.6(__libc_start_main+0xe6) [0xe13ce6]
Apr 19 10:59:22 kdc winbindd[6568]: #26 winbindd() [0x8060271]
Apr 19 10:59:22 kdc winbindd[6568]: [2013/04/19 10:59:22.630601, 0]
../source3/lib/dumpcore.c:317(dump_core)
Apr 19 10:59:22 kdc winbindd[6568]: dumping core in
/var/log/samba/cores/winbindd
Apr 19 10:59:22 kdc winbindd[6568]:
Apr 19 10:59:22 kdc abrtd: Directory 'ccpp-2013-04-19-10:59:22-6568'
creation detected
Apr 19 10:59:22 kdc abrt[6571]: Saved core dump of pid 6568
(/usr/sbin/winbindd) to /var/spool/abrt/ccpp-2013-04-19-10:59:22-6568
(1814528 bytes)
--
Groeten,
natxo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130419/0c5e0ccd/attachment.htm>
More information about the Freeipa-users
mailing list