Hi,
On Fri, Jun 24, 2022 at 9:54 AM Ronald Wimmer via FreeIPA-users <
[email protected]> wrote:
> Hi,
>
> we have set up two more IPA environments. Today we tried to establish
> the trust to the AD domain but unfortunately we were not successful:
>
> [root@pipag01 ~]# ipa trust-add --type=ad someaddomain.at --admin
> someadadmin --password
> Active Directory domain administrator's password:
> ipa: ERROR: CIFS server communication error: code "3221225653", message
> "{Device Timeout} The specified I/O operation on %hs was not completed
> before the time-out period expired." (both may be "None")
>
> What might be the cause? Where should we take a closer look?
>
>
If you want to troubleshoot, the official doc has a brand new chapter
explaining the sequence establishing a trust, and how to gather debug logs:
Troubleshooting setting up a cross-forest trust [1]
The timeout error often happens when the firewall is blocking some of the
ports required for AD-IdM communication. You can probably jump directly to
this doc section: [2] Ports required for communication between IdM and AD
HTH,
flo
[1]
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/installing_identity_management/installing-trust-between-idm-and-ad_installing-identity-management#assembly_troubleshooting-setting-up-a-cross-forest-trust_installing-trust-between-idm-and-ad
[2]
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/installing_identity_management/installing-trust-between-idm-and-ad_installing-identity-management#ports-required-for-communication-between-idm-and-ad_installing-trust-between-idm-and-ad
Cheers,
> Ronald
> _______________________________________________
> FreeIPA-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/[email protected]
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
>
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
