[Freeipa-users] Trust is successful and getting error while creating groups.
Ben .T.George
bentech4you at gmail.com
Thu Mar 5 05:40:21 UTC 2015
Hi,
I have re-installed everything. My current versions are CentOS 7 with IPA 4.1.
I followed this tutorial:
http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup
When I fetched, it was successful:
[root@kwtpocpbis01 ~]# ipa trustdomain-find "infra.com"
  Domain name: infra.com
  Domain NetBIOS name: INFRA
  Domain Security Identifier: S-1-5-21-191287045-4012216658-3592112898
  Domain enabled: True
----------------------------
Number of entries returned 1
----------------------------
When I went through "Allow access for users from AD domain to protected
resources", I am getting errors:
[root@kwtpocpbis01 ~]# ipa group-add --desc='infra.com users external map' ad_users_external --external
-------------------------------
Added group "ad_users_external"
-------------------------------
  Group name: ad_users_external
  Description: infra.com users external map
[root@kwtpocpbis01 ~]# ipa group-add --desc='infra.com users' ad_users
----------------------
Added group "ad_users"
----------------------
  Group name: ad_users
  Description: infra.com users
  GID: 643400005
[root@kwtpocpbis01 ~]# ipa group-add-member ad_users_external --external 'INFRA\Domain Users'
[member user]:
[member group]:
  Group name: ad_users_external
  Description: infra.com users external map
  Failed members:
    member user:
    member group: INFRA\Domain Users: trusted domain object not found
-------------------------
Number of members added 0
-------------------------
[root@kwtpocpbis01 ~]# ipa group-add-member ad_users --groups ad_users_external
  Group name: ad_users
  Description: infra.com users
  GID: 643400005
  Member groups: ad_users_external
-------------------------
Number of members added 1
-------------------------
Please help me to solve this issue.
The error below appears in httpd/error_log while trying:
ipa group-add-member ad_users_external --external 'INFRA\Domain Users'
[Thu Mar 05 11:36:37.371594 2015] [:error] [pid 4090] ipa: WARNING: Search on AD DC kwtipaad001.infra.com:3268 failed with: Insufficient access: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Ticket not yet valid)
[Thu Mar 05 11:36:37.374280 2015] [:error] [pid 4090] ipa: INFO: [jsonserver_kerb] admin@SOLARIS.LOCAL: group_add_member(u'ad_users_external', ipaexternalmember=(u'INFRA\\\\Domain Users',), all=False, raw=False, version=u'2.113', no_members=False): SUCCESS
Thanks & Regards,
Ben