[Freeipa-users] IPA ERROR: non-public: TypeError -- ipa trust-add internal server error

David Fox paw at 4gotten.me
Thu Jul 2 09:30:18 UTC 2015 

On 2015-07-01 19:34, Alexander Bokovoy wrote:
> On Wed, 01 Jul 2015, David Fox wrote:
>> I am encountering issues trying to integrate FreeIPA with AD, on *nix 
>> promp I get "internal server rror" and within I receive the following 
>> message in httpd_errorlog.
>> [0070] 00 00 00 00 0D 00 00 00   69 00 70 00 61 00 2E 00   ........ 
>> i.p.a...
>> [0080] 68 00 73 00 61 00 2E 00   63 00 6F 00 2E 00 75 00   ... 
>> c.o...u.
>> [0090] 6B 00 00 00 00 00 00 00                            k.......
>> [Tue Jun 30 13:17:01.369249 2015] [:error] [pid 1063] ipa: ERROR: 
>> non-public: TypeError: default/librpc/gen_ndr/py_lsa.c:9436: Expected 
>> type 'security.dom_sid' for 'py_dom_sid' of type 'NoneType'
>> [Tue Jun 30 13:17:01.369285 2015] [:error] [pid 1063] Traceback (most 
>> recent call last):
>> [Tue Jun 30 13:17:01.369289 2015] [:error] [pid 1063]   File 
>> "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 348, 
>> in wsgi_execute
>> [Tue Jun 30 13:17:01.369292 2015] [:error] [pid 1063]     result = 
>> self.Command[name](*args, **options)
>> [Tue Jun 30 13:17:01.369294 2015] [:error] [pid 1063]   File 
>> "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 439, in 
>> __call__
>> [Tue Jun 30 13:17:01.369303 2015] [:error] [pid 1063]     ret = 
>> self.run(*args, **options)
>> [Tue Jun 30 13:17:01.369306 2015] [:error] [pid 1063]   File 
>> "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 754, in 
>> run
>> [Tue Jun 30 13:17:01.369308 2015] [:error] [pid 1063]     return 
>> self.execute(*args, **options)
>> [Tue Jun 30 13:17:01.369310 2015] [:error] [pid 1063]   File 
>> "/usr/lib/python2.7/site-packages/ipalib/plugins/trust.py", line 474, 
>> in execute
>> [Tue Jun 30 13:17:01.369313 2015] [:error] [pid 1063]     result = 
>> self.execute_ad(full_join, *keys, **options)
>> [Tue Jun 30 13:17:01.369315 2015] [:error] [pid 1063]   File 
>> "/usr/lib/python2.7/site-packages/ipalib/plugins/trust.py", line 709, 
>> in execute_ad
>> [Tue Jun 30 13:17:01.369318 2015] [:error] [pid 1063]     
>> self.realm_passwd
>> [Tue Jun 30 13:17:01.369320 2015] [:error] [pid 1063]   File 
>> "/usr/lib/python2.7/site-packages/ipaserver/dcerpc.py", line 1222, in 
>> join_ad_full_credentials
>> [Tue Jun 30 13:17:01.369323 2015] [:error] [pid 1063]     
>> self.remote_domain.establish_trust(self.local_domain, trustdom_pass)
>> [Tue Jun 30 13:17:01.369325 2015] [:error] [pid 1063]   File 
>> "/usr/lib/python2.7/site-packages/ipaserver/dcerpc.py", line 963, in 
>> establish_trust
>> [Tue Jun 30 13:17:01.369327 2015] [:error] [pid 1063]     
>> self._pipe.DeleteTrustedDomain(self._policy_handle, res.info_ex.sid)
>> [Tue Jun 30 13:17:01.369330 2015] [:error] [pid 1063] TypeError: 
>> default/librpc/gen_ndr/py_lsa.c:9436: Expected type 'security.dom_sid' 
>> for 'py_dom_sid' of type 'NoneType'
>> [Tue Jun 30 13:17:01.369648 2015] [:error] [pid 1063] ipa: INFO: 
>> [jsonserver_session] admin at IPA.*redacted*: trust_add(u'*redacted*', 
>> trust_type=u'ad', realm_admin=u'*redacted*', realm_passwd=u'********', 
>> all=False, raw=False, version=u'2.112'): TypeError
>> 
>> 
>> These are whole logs with "log level = 100" set in smb.conf.empty. Log 
>> files were emptied before the above command was ran. If there is any 
>> other information required please let me know.
>> 
>> Software versions:
>> Fedora 22: 4.1.4
>> Fedora 22: 4.2 Alpha 1
>> 
>> Oracle Linux 7.1 64bit: without DNS
>> ipa-server.x86_64 - 4.1.0-18.0.1-el17_1.3
>> ipa-server-trust-ad.x86_64 - 4.1.0-18.0.1-el17_1.3
>> 
>> CentOS 7.1 64bit: With DNS
>> ipa-server.x86_64 - 4.1.0-18-el7.centos.3
>> ipa-server-trust-ad.x86_64 - 4.1.0-18-el7.centos.3
> It is unclear from your report what exact distro causing this issue for
> you. Is this with Fedora 22 (e.g. Samba 4.2)?

This error isn't limited to just one distro. I've tried three different 
distros which all throw the same error as above.

CentOS 7.1
Samba - 4.1.12
Python 2.7.5
FreeIPA - 4.1.0

Oracle Linux 7.1
Samba - 4.1.12
Python 2.7.5
FreeIPA - 4.1.0

Fedora 22
Samba - 4.2.2
Python - 2.7.10
FreeIPA - 4.2.0

Regards,
David

More information about the Freeipa-users mailing list