[Freeipa-users] FreeIPA Active directory Integration: ipa "unknown command trustdomain-fetch"

Traiano Welcome traiano at gmail.com
Thu Sep 11 13:18:19 UTC 2014


Hi List

I'm currently working through the IPAv3 AD integration document at:

http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup


I've managed to establish a trust between the IdM and the AD server.
However, when I run the command:

---
[root@kwtpocidm001 ~]# ipa trustdomain-fetch "mhatest.local"
ipa: ERROR: unknown command 'trustdomain-fetch'
---

It would appear the 'trustdomain-fetch' command is not present anymore or
has been replaced with something else?
I speculate it's this:

---
[root@kwtpocidm001 ~]# ipa trust-fetch-domains "mhatest.local"
ipa: ERROR: AD domain controller complains about communication sequence. It may mean unsynchronized time on both sides, for example
---

Is this correct?


If indeed "trust-fetch-domains" is the correct command, then w.r.t. this
error message:

"ipa: ERROR: AD domain controller complains about communication sequence.
It may mean unsynchronized time on both sides, for example"

a) Checked the time synch on the AD server and the RHEL 7 IdM server and
it's fine.
b) Here's a snippet around the error when running ipa with "-d":

----
ipa: DEBUG: approved_usage = SSL Server intended_usage = SSL Server
ipa: DEBUG: cert valid True for "CN=kwtpocidm001.linux.mhatest.local,O=LINUX.MHATEST.LOCAL"
ipa: DEBUG: handshake complete, peer = 172.16.107.108:443
ipa: DEBUG: received Set-Cookie 'ipa_session=1fe28460c7ec75d6da8d7e3b53c2e51f; Domain=kwtpocidm001.linux.mhatest.local; Path=/ipa; Expires=Thu, 11 Sep 2014 13:12:02 GMT; Secure; HttpOnly'
ipa: DEBUG: storing cookie 'ipa_session=1fe28460c7ec75d6da8d7e3b53c2e51f; Domain=kwtpocidm001.linux.mhatest.local; Path=/ipa; Expires=Thu, 11 Sep 2014 13:12:02 GMT; Secure; HttpOnly' for principal admin@LINUX.MHATEST.LOCAL
ipa: DEBUG: Starting external process
ipa: DEBUG: args=keyctl search @s user ipa_session_cookie:admin@LINUX.MHATEST.LOCAL
ipa: DEBUG: Process finished, return code=0
ipa: DEBUG: stdout=334684795
ipa: DEBUG: stderr=
ipa: DEBUG: Starting external process
ipa: DEBUG: args=keyctl search @s user ipa_session_cookie:admin@LINUX.MHATEST.LOCAL
ipa: DEBUG: Process finished, return code=0
ipa: DEBUG: stdout=334684795
ipa: DEBUG: stderr=
ipa: DEBUG: Starting external process
ipa: DEBUG: args=keyctl pupdate 334684795
ipa: DEBUG: Process finished, return code=0
ipa: DEBUG: stdout=
ipa: DEBUG: stderr=
ipa: DEBUG: Caught fault 4016 from server https://kwtpocidm001.linux.mhatest.local/ipa/session/xml: AD domain controller complains about communication sequence. It may mean unsynchronized time on both sides, for example
ipa: DEBUG: Destroyed connection context.xmlclient
ipa: ERROR: AD domain controller complains about communication sequence. It may mean unsynchronized time on both sides, for example
----


Many thanks in advance for any assistance!

Traiano