[Freeipa-users] Centos 7 - ipa-server-3.3.3 AD trust trust-fetch-domains and add external group problem
Alexander Bokovoy
abokovoy at redhat.com
Fri Feb 27 10:23:32 UTC 2015
On Fri, 27 Feb 2015, mete bilgin wrote:
>[0000] 85 A6 68 FD 0D BF 20 B8 ..h... .
>s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c4e2a90
>s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c4e2a90
>s4_tevent: Destroying timer event 0x7fed9c0487b0 "tevent_req_timedout"
>s4_tevent: Destroying timer event 0x7fed9c044ed0 "dcerpc_timeout_handler"
>s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fed9c4e2760
>s4_tevent: Run immediate event "tevent_req_trigger": 0x7fed9c4e2760
> netr_LogonControl2Ex: struct netr_LogonControl2Ex
> out: struct netr_LogonControl2Ex
> query : *
> query : union
>netr_CONTROL_QUERY_INFORMATION(case 2)
> info2 : *
> info2: struct netr_NETLOGON_INFO_2
> flags : 0x00000080 (128)
> 0: NETLOGON_REPLICATION_NEEDED
> 0: NETLOGON_REPLICATION_IN_PROGRESS
> 0: NETLOGON_FULL_SYNC_REPLICATION
> 0: NETLOGON_REDO_NEEDED
> 0: NETLOGON_HAS_IP
> 0: NETLOGON_HAS_TIMESERV
> 0: NETLOGON_DNS_UPDATE_FAILURE
> 1: NETLOGON_VERIFY_STATUS_RETURNED
> pdc_connection_status : WERR_NO_LOGON_SERVERS
> trusted_dc_name : *
> trusted_dc_name : ''
> tc_connection_status : WERR_NO_LOGON_SERVERS
> result : WERR_OK
Here is the result -- AD DC was unable to reach IPA DC. Check your
firewall and DNS records.
For DNS, make sure you can resolve SRV record _ldap._tcp.IPADOMAIN.COM
from AD DC console.
http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup#Verify_DNS_configuration
For firewall, see
http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup#Firewall_configuration
--
/ Alexander Bokovoy
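
Added example, not part of the original message or of FreeIPA/Samba code: a small parser for the netr_LogonControl2Ex debug output quoted above, showing that "result : WERR_OK" only means the RPC call completed, while the connection status fields carry the actual trust check outcome. The sample text is an abridged copy of the quoted output, and the function names, return labels and decision rule in diagnose() are assumptions based on the reading given in the reply.

```python
import re

# Constructed sample: abridged from the output quoted in the message above,
# with the '>' mail quote markers kept as they appear there.
SAMPLE = """\
> netr_LogonControl2Ex: struct netr_LogonControl2Ex
> info2: struct netr_NETLOGON_INFO_2
> flags : 0x00000080 (128)
> 0: NETLOGON_REPLICATION_NEEDED
> 0: NETLOGON_HAS_IP
> 1: NETLOGON_VERIFY_STATUS_RETURNED
> pdc_connection_status : WERR_NO_LOGON_SERVERS
> trusted_dc_name : *
> trusted_dc_name : ''
> tc_connection_status : WERR_NO_LOGON_SERVERS
> result : WERR_OK
"""

FIELD = re.compile(r"^(\w+)\s*:\s*(.+)$")         # "name : value"
FLAG = re.compile(r"^([01]):\s*(NETLOGON_\w+)$")  # "1: NETLOGON_..."

def parse_logon_control(dump):
    """Collect fields and the names of set flags from the debug dump."""
    info = {"set_flags": []}
    for raw in dump.splitlines():
        line = raw.lstrip("> \t").strip()   # drop quote marker and indent
        m = FLAG.match(line)
        if m:
            if m.group(1) == "1":
                info["set_flags"].append(m.group(2))
            continue
        m = FIELD.match(line)
        if m and m.group(2) != "*":         # '*' only marks a pointer
            info[m.group(1)] = m.group(2).strip("'")
    return info

def diagnose(info):
    """Hypothetical labels: separate 'call worked' from 'trust is healthy'."""
    if info.get("result") != "WERR_OK":
        return "rpc-failed"
    if "NETLOGON_VERIFY_STATUS_RETURNED" not in info["set_flags"]:
        return "no-verify-status"
    statuses = (info.get("pdc_connection_status"),
                info.get("tc_connection_status"))
    if all(s == "WERR_OK" for s in statuses):
        return "trust-ok"
    return "dc-unreachable"   # next step: the DNS SRV and firewall checks

if __name__ == "__main__":
    parsed = parse_logon_control(SAMPLE)
    print(diagnose(parsed), parsed["tc_connection_status"])
```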