Hello everyone,

I’m new to this and am trying to set up a working trust against an AD forest.
I seem to have a working trust, but when I try to reference external groups (or
users) I get:

# ipa group-add-member ad_users_external --external "AD2\Domain Users"
[member user]:
[member group]:
  Group name: ad_users_external
  Description: AD users external map
  Failed members:
    member user:
    member group: AD2\Domain Users: trusted domain object not found
-------------------------
Number of members added 0
-------------------------

I enabled some logging; the output from the command above is at the end of this
mail. Any suggestions as to what could cause this? Current version of IPA is 4.5.

Regards
Henrik

Tue Nov 21 13:10:42.675713 2017] [:warn] [pid 38221] [client 
192.168.6.82:34714] failed to set perms (3140) on file 
(/var/run/ipa/ccaches/ad...@idm.test.net)!, referer: 
https://ipaserver.idm.test.net/ipa/xml
string_to_sid: SID AD2\Domain Users is not in a valid format
lpcfg_load: refreshing parameters from /usr/share/ipa/smb.conf.empty
Processing section "[global]"
INFO: Current debug levels:
  all: 11
  tdb: 11
  printdrivers: 11
  lanman: 11
  smb: 11
  rpc_parse: 11
  rpc_srv: 11
  rpc_cli: 11
  passdb: 11
  sam: 11
  auth: 11
  winbind: 11
  vfs: 11
  idmap: 11
  quota: 11
  acls: 11
  locking: 11
  msdfs: 11
  dmapi: 11
  registry: 11
  scavenger: 11
  dns: 11
  ldb: 11
  tevent: 11
pm_process() returned Yes
added interface eno16780032 ip=192.168.6.82 bcast=192.168.6.255 
netmask=255.255.255.0
added interface eno33559296 ip=192.168.44.67 bcast=192.168.44.255 
netmask=255.255.255.0
added interface eno16780032 ip=192.168.6.82 bcast=192.168.6.255 
netmask=255.255.255.0
added interface eno33559296 ip=192.168.44.67 bcast=192.168.44.255 
netmask=255.255.255.0
added interface eno16780032 ip=192.168.6.82 bcast=192.168.6.255 
netmask=255.255.255.0
added interface eno33559296 ip=192.168.44.67 bcast=192.168.44.255 
netmask=255.255.255.0
added interface eno16780032 ip=192.168.6.82 bcast=192.168.6.255 
netmask=255.255.255.0
added interface eno33559296 ip=192.168.44.67 bcast=192.168.44.255 
netmask=255.255.255.0
finddcs: searching for a DC by DNS domain ad2.test.net
finddcs: looking for SRV records for _ldap._tcp.ad2.test.net
resolve_lmhosts: Attempting lmhosts lookup for name _ldap._tcp.ad2.test.net<0x0>
getlmhostsent: lmhost entry: 127.0.0.1 localhost
ads_dns_lookup_srv: 2 records returned in the answer section.
ads_dns_parse_rr_srv: Parsed adserver.ad2.test.net [0, 100, 389]
ads_dns_parse_rr_srv: Parsed adserver.ad2.test.net [0, 100, 389]
Addrs = 192.168.5.158@389/adserver,192.168.5.104@389/adserver
finddcs: DNS SRV response 0 at '192.168.5.158'
finddcs: DNS SRV response 1 at '192.168.5.104'
finddcs: performing CLDAP query on 192.168.5.158
     &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX
        command                  : LOGON_SAM_LOGON_RESPONSE_EX (23)
        sbz                      : 0x0000 (0)
        server_type              : 0x0001f1fc (127484)
               0: NBT_SERVER_PDC
               1: NBT_SERVER_GC
               1: NBT_SERVER_LDAP
               1: NBT_SERVER_DS
               1: NBT_SERVER_KDC
               1: NBT_SERVER_TIMESERV
               1: NBT_SERVER_CLOSEST
               1: NBT_SERVER_WRITABLE
               0: NBT_SERVER_GOOD_TIMESERV
               0: NBT_SERVER_NDNC
               0: NBT_SERVER_SELECT_SECRET_DOMAIN_6
               1: NBT_SERVER_FULL_SECRET_DOMAIN_6
               1: NBT_SERVER_ADS_WEB_SERVICE
               1: NBT_SERVER_DS_8
               0: NBT_SERVER_HAS_DNS_NAME
               0: NBT_SERVER_IS_DEFAULT_NC
               0: NBT_SERVER_FOREST_ROOT
        domain_uuid              : 63c3a477-85f9-5f01-96e8-2597a5c48978
        forest                   : 'ad2.test.net'
        dns_domain               : 'ad2.test.net'
        pdc_dns_name             : 'adserver.ad2.test.net'
        domain_name              : 'AD2'
        pdc_name                 : 'adserver'
        user_name                : ''
        server_site              : 'AS001'
        client_site              : 'AS002'
        sockaddr_size            : 0x00 (0)
        sockaddr: struct nbt_sockaddr
            sockaddr_family          : 0x00000000 (0)
            pdc_ip                   : (null)
            remaining                : DATA_BLOB length=0
        next_closest_site        : NULL
        nt_version               : 0x00000005 (5)
               1: NETLOGON_NT_VERSION_1
               0: NETLOGON_NT_VERSION_5
               1: NETLOGON_NT_VERSION_5EX
               0: NETLOGON_NT_VERSION_5EX_WITH_IP
               0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE
               0: NETLOGON_NT_VERSION_AVOID_NT4EMUL
               0: NETLOGON_NT_VERSION_PDC
               0: NETLOGON_NT_VERSION_IP
               0: NETLOGON_NT_VERSION_LOCAL
               0: NETLOGON_NT_VERSION_GC
        lmnt_token               : 0xffff (65535)
        lm20_token               : 0xffff (65535)
finddcs: Found matching DC 192.168.5.158 with server_type=0x0001f1fc
[Tue Nov 21 13:10:42.740320 2017] [:error] [pid 26496] ipa: INFO: 
[jsonserver_session] ad...@idm.test.net: 
group_add_member/1(u'ad_users_external', ipaexternalmember=(u'AD2\\\\Domain 
Users',), version=u'2.228'): SUCCESS
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org