[Freeipa-users] Unable to establish trust with FreeIPA and Active Directory

Matthew W Hanley mwhanley at syr.edu
Thu Apr 3 14:31:55 UTC 2014


I'm in the midst of setting up a trust with FreeIPA and Active Directory and am receiving the following error:

# ipa trust-add --type=ad ad.example.com --admin 'mwhanley' --password
Active directory domain administrator's password:

ipa: ERROR: Cannot find specified domain or server name

The FreeIPA server is running Fedora release 20, version 3.3.3-4 of FreeIPA, and I have turned on debugging and get the following:

ps [Wed Apr 02 10:20:53.766064 2014] [:error] [pid 32522] ipa: INFO: admin at ipaexample.com: trust_add(u'ad.example.com', trust_type=u'ad', realm_admin=u'mwhanley', realm_passwd=u'********', all=False, raw=False, version=u'2.65'): NotFound
[Wed Apr 02 10:21:29.635077 2014] [:error] [pid 32521] ipa: INFO: admin at ipaexample.com: idrange_find(None, all=False, raw=False, version=u'2.65', pkey_only=False): SUCCESS
INFO: Current debug levels:
  all: 11
  tdb: 11
  printdrivers: 11
  lanman: 11
  smb: 11
  rpc_parse: 11
  rpc_srv: 11
  rpc_cli: 11
  passdb: 11
  sam: 11
  auth: 11
  winbind: 11
  vfs: 11
  idmap: 11
  quota: 11
  acls: 11
  locking: 11
  msdfs: 11
  dmapi: 11
  registry: 11
  scavenger: 11
  dns: 11
  ldb: 11
pm_process() returned Yes
Using binding ncacn_np:host.ipaexample.com[,]
Mapped to DCERPC endpoint \pipe\lsarpc
added interface eth0 ip=xxx.xxx.xxx.xxx bcast=xxx.xxx.xxx.xxx netmask=255.255.255.0
added interface eth0 ip=xxx.xxx.xxx.xxx bcast=xxx.xxx.xxx.xxx netmask=255.255.255.0
Socket options:
SO_KEEPALIVE = 0
SO_REUSEADDR = 0
SO_BROADCAST = 0
TCP_NODELAY = 1
TCP_KEEPCNT = 9
TCP_KEEPIDLE = 7200
TCP_KEEPINTVL = 75
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
SO_REUSEPORT = 0
SO_SNDBUF = 663750
SO_RCVBUF = 265452
SO_SNDLOWAT = 1
SO_RCVLOWAT = 1
SO_SNDTIMEO = 0
SO_RCVTIMEO = 0
TCP_QUICKACK = 1
TCP_DEFER_ACCEPT = 0
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Ticket in credentials cache for admin at ipaexample.com will expire in 84015 secs
gensec_gssapi: NO credentials were delegated
GSSAPI Connection will be cryptographically sealed

I've also done an "ipactl restart" to no avail.  Any help would be appreciated.

-Matt


Matthew Hanley
IT Analyst
Syracuse University
mwhanley at syr.edu