On Thu, Apr 03, 2014 at 02:31:55PM +0000, Matthew W Hanley wrote:
> I'm in the midst of setting up a trust with FreeIPA and Active Directory and
> am receiving the following error:
>
> # ipa trust-add --type=ad ad.example.com --admin 'mwhanley' --password
> Active directory domain administrator's password:
>
> ipa: ERROR: Cannot find specified domain or server name

Looks like a DNS issue. Can you check if dig SRV _ldap._tcp.ad.example.com returns a list of IP addresses for your AD DCs? If not you might want to have a look at www.freeipa.org/page/Howto/IPAv3_AD_trust_setup#DNS_configuration .

HTH

bye,
Sumit

>
> The FreeIPA server is running Fedora release 20, version 3.3.3-4 of FreeIPA
> and I have turned on debugging and get the following:
>
> ps [Wed Apr 02 10:20:53.766064 2014] [:error] [pid 32522] ipa: INFO:
> ad...@ipaexample.com: trust_add(u'ad.example.com', trust_type=u'ad',
> realm_admin=u'mwhanley', realm_passwd=u'********', all=False, raw=False,
> version=u'2.65'): NotFound
> [Wed Apr 02 10:21:29.635077 2014] [:error] [pid 32521] ipa: INFO:
> ad...@ipaexample.com: idrange_find(None, all=False, raw=False,
> version=u'2.65', pkey_only=False): SUCCESS
> INFO: Current debug levels:
> all: 11
> tdb: 11
> printdrivers: 11
> lanman: 11
> smb: 11
> rpc_parse: 11
> rpc_srv: 11
> rpc_cli: 11
> passdb: 11
> sam: 11
> auth: 11
> winbind: 11
> vfs: 11
> idmap: 11
> quota: 11
> acls: 11
> locking: 11
> msdfs: 11
> dmapi: 11
> registry: 11
> scavenger: 11
> dns: 11
> ldb: 11
> pm_process() returned Yes
> Using binding ncacn_np:host.ipaexample.com[,]
> Mapped to DCERPC endpoint \pipe\lsarpc
> added interface eth0 ip=xxx.xxx.xxx.xxx bcast=xxx.xxx.xxx.xxx
> netmask=255.255.255.0
> added interface eth0 ip=xxx.xxx.xxx.xxx bcast=xxx.xxx.xxx.xxx
> netmask=255.255.255.0
> Socket options:
> SO_KEEPALIVE = 0
> SO_REUSEADDR = 0
> SO_BROADCAST = 0
> TCP_NODELAY = 1
> TCP_KEEPCNT = 9
> TCP_KEEPIDLE = 7200
> TCP_KEEPINTVL = 75
> IPTOS_LOWDELAY = 0
> IPTOS_THROUGHPUT = 0
> SO_REUSEPORT = 0
> SO_SNDBUF = 663750
> SO_RCVBUF = 265452
> SO_SNDLOWAT = 1
> SO_RCVLOWAT = 1
> SO_SNDTIMEO = 0
> SO_RCVTIMEO = 0
> TCP_QUICKACK = 1
> TCP_DEFER_ACCEPT = 0
> Starting GENSEC mechanism spnego
> Starting GENSEC submechanism gssapi_krb5
> Ticket in credentials cache for ad...@ipaexample.com will expire in 84015 secs
> gensec_gssapi: NO credentials were delegated
> GSSAPI Connection will be cryptographically sealed
>
> I've also done an "ipactl restart" to no avail. Any help would be
> appreciated.
>
> -Matt
>
>
> Matthew Hanley
> IT Analyst
> Syracuse University
> mwhan...@syr.edu
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
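
The SRV lookup suggested in the reply, as a scripted check (an added example, not part of the original thread). It assumes `dig` is installed; the function names `parse_srv` and `check_domain` and the sample answers are constructed for illustration. Each record in a `dig +short SRV` answer carries priority, weight, port and target host, and anything else (an empty answer, a timeout message) counts as a failed lookup.

```shell
#!/bin/sh
# Constructed samples of `dig +short SRV _ldap._tcp.ad.example.com` output.
SAMPLE_GOOD='0 100 389 dc1.ad.example.com.
0 100 389 dc2.ad.example.com.'
SAMPLE_TIMEOUT=';; connection timed out; no servers could be reached'

# parse_srv: read `dig +short SRV` output on stdin and print "target port"
# for each well-formed record (priority weight port target).
# Returns 1 when no record is present (empty answer, timeout text, ...).
parse_srv() {
    awk '
        NF == 4 && $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ {
            sub(/\.$/, "", $4)      # drop the trailing root dot
            print $4, $3
            found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# check_domain: run the live lookup for one domain (needs network access).
check_domain() {
    name="_ldap._tcp.$1"
    if records=$(dig +short SRV "$name" | parse_srv); then
        printf 'OK   %s\n%s\n' "$name" "$records"
    else
        printf 'FAIL %s: no SRV records returned, check DNS forwarding\n' "$name" >&2
        return 1
    fi
}

# Offline demonstration on the constructed samples.
printf '%s\n' "$SAMPLE_GOOD" | parse_srv
printf '%s\n' "$SAMPLE_TIMEOUT" | parse_srv || echo "timeout sample: no SRV records"
```

On the IPA server, `check_domain ad.example.com` runs the live lookup; a `FAIL` result matches the "Cannot find specified domain or server name" symptom being a DNS problem.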