[Freeipa-users] Unable to establish trust with FreeIPA and Active Directory
Matthew W Hanley
mwhanley at syr.edu
Thu Apr 3 14:31:55 UTC 2014
I'm in the midst of setting up a trust with FreeIPA and Active Directory and am receiving the following error:
# ipa trust-add --type=ad ad.example.com --admin 'mwhanley' --password
Active directory domain administrator's password:
ipa: ERROR: Cannot find specified domain or server name
The FreeIPA server is running Fedora release 20, version 3.3.3-4 of FreeIPA and I have turned on debugging and get the following:
ps [Wed Apr 02 10:20:53.766064 2014] [:error] [pid 32522] ipa: INFO: admin at ipaexample.com: trust_add(u'ad.example.com', trust_type=u'ad', realm_admin=u'mwhanley', realm_passwd=u'********', all=False, raw=False, version=u'2.65'): NotFound
[Wed Apr 02 10:21:29.635077 2014] [:error] [pid 32521] ipa: INFO: admin at ipaexample.com: idrange_find(None, all=False, raw=False, version=u'2.65', pkey_only=False): SUCCESS
INFO: Current debug levels:
all: 11
tdb: 11
printdrivers: 11
lanman: 11
smb: 11
rpc_parse: 11
rpc_srv: 11
rpc_cli: 11
passdb: 11
sam: 11
auth: 11
winbind: 11
vfs: 11
idmap: 11
quota: 11
acls: 11
locking: 11
msdfs: 11
dmapi: 11
registry: 11
scavenger: 11
dns: 11
ldb: 11
pm_process() returned Yes
Using binding ncacn_np:host.ipaexample.com[,]
Mapped to DCERPC endpoint \pipe\lsarpc
added interface eth0 ip=xxx.xxx.xxx.xxx bcast=xxx.xxx.xxx.xxx netmask=255.255.255.0
added interface eth0 ip=xxx.xxx.xxx.xxx bcast=xxx.xxx.xxx.xxx netmask=255.255.255.0
Socket options:
SO_KEEPALIVE = 0
SO_REUSEADDR = 0
SO_BROADCAST = 0
TCP_NODELAY = 1
TCP_KEEPCNT = 9
TCP_KEEPIDLE = 7200
TCP_KEEPINTVL = 75
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
SO_REUSEPORT = 0
SO_SNDBUF = 663750
SO_RCVBUF = 265452
SO_SNDLOWAT = 1
SO_RCVLOWAT = 1
SO_SNDTIMEO = 0
SO_RCVTIMEO = 0
TCP_QUICKACK = 1
TCP_DEFER_ACCEPT = 0
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Ticket in credentials cache for admin at ipaexample.com will expire in 84015 secs
gensec_gssapi: NO credentials were delegated
GSSAPI Connection will be cryptographically sealed
I've also done an "ipactl restart" to no avail. Any help would be appreciated.
-Matt
Matthew Hanley
IT Analyst
Syracuse University
mwhanley at syr.edu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140403/bb5d75b8/attachment.htm>
More information about the Freeipa-users
mailing list