I have this same exact issue.  I have not only verified that DNS is
functioning properly, I have also added the AD server to the local hosts
file as is the reported fix for this issue and it still persists.

[root@linuxtest1 ~]# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 6.5 (Santiago)
[root@linuxtest1 ~]# uname -a
Linux linuxtest1.sbx.local 2.6.32-431.11.2.el6.x86_64 #1 SMP Mon Mar 3 13:32:45 EST 2014 x86_64 x86_64 x86_64 GNU/Linux


[root@linuxtest1 ~]# nslookup wdir901sbx.sbx.local
Server:         10.130.82.20
Address:        10.130.82.20#53

Name:   wdir901sbx.sbx.local
Address: 10.130.82.20

[root@linuxtest1 ~]# nslookup 10.130.82.20
Server:         10.130.82.20
Address:        10.130.82.20#53

20.82.130.10.in-addr.arpa       name = wdir901sbx.sbx.local.


[root@linuxtest1 ~]# dig SRV _ldap._tcp.ad.sbx.local

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> SRV _ldap._tcp.ad.sbx.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 50435
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;_ldap._tcp.ad.sbx.local.       IN      SRV

;; AUTHORITY SECTION:
sbx.local.              3600    IN      SOA     wdir901sbx.sbx.local. hostmaster. 4715 900 600 86400 3600

;; Query time: 0 msec
;; SERVER: 10.130.82.20#53(10.130.82.20)
;; WHEN: Thu Apr  3 10:34:02 2014
;; MSG SIZE  rcvd: 107


[root@linuxtest1 ~]# ipa trust-add --type=ad ad.sbx.local --admin 'admsredmo01' --password
Active directory domain administrator's password: 
ipa: ERROR: Cannot find specified domain or server name
[root@linuxtest1 ~]#


[root@linuxtest1 ~]# ipa trust-add --type=ad sbx.local --admin 'admsredmo01' --password
Active directory domain administrator's password: 
ipa: ERROR: Cannot find specified domain or server name
[root@linuxtest1 ~]#

Any and all help would be appreciated.

-----Original Message-----
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of
freeipa-users-requ...@redhat.com
Sent: Thursday, April 03, 2014 9:00 AM
To: freeipa-users@redhat.com
Subject: Freeipa-users Digest, Vol 69, Issue 20

Message: 1
Date: Thu, 3 Apr 2014 16:53:31 +0200
From: Sumit Bose <sb...@redhat.com>
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Unable to establish trust with FreeIPA
        and Active Directory
Message-ID: <20140403145331.GN11404@localhost.localdomain>
Content-Type: text/plain; charset=us-ascii

On Thu, Apr 03, 2014 at 02:31:55PM +0000, Matthew W Hanley wrote:
> I'm in the midst of setting up a trust with FreeIPA and Active Directory and am receiving the following error:
> 
> # ipa trust-add --type=ad ad.example.com --admin 'mwhanley' --password
> Active directory domain administrator's password:
> 
> ipa: ERROR: Cannot find specified domain or server name

looks like a DNS issue. Can you check if

dig SRV _ldap._tcp.ad.example.com

returns a list of IP addresses for your AD DCs? If not you might want to
have a look at
www.freeipa.org/page/Howto/IPAv3_AD_trust_setup#DNS_configuration .

HTH

bye,
Sumit

> 
> The FreeIPA server is running Fedora release 20, version 3.3.3-4 of FreeIPA and I have turned on debugging and get the following:
> 
> ps [Wed Apr 02 10:20:53.766064 2014] [:error] [pid 32522] ipa: INFO: ad...@ipaexample.com: trust_add(u'ad.example.com', trust_type=u'ad', realm_admin=u'mwhanley', realm_passwd=u'********', all=False, raw=False, version=u'2.65'): NotFound
> [Wed Apr 02 10:21:29.635077 2014] [:error] [pid 32521] ipa: INFO: ad...@ipaexample.com: idrange_find(None, all=False, raw=False, version=u'2.65', pkey_only=False): SUCCESS
> INFO: Current debug levels:
>   all: 11
>   tdb: 11
>   printdrivers: 11
>   lanman: 11
>   smb: 11
>   rpc_parse: 11
>   rpc_srv: 11
>   rpc_cli: 11
>   passdb: 11
>   sam: 11
>   auth: 11
>   winbind: 11
>   vfs: 11
>   idmap: 11
>   quota: 11
>   acls: 11
>   locking: 11
>   msdfs: 11
>   dmapi: 11
>   registry: 11
>   scavenger: 11
>   dns: 11
>   ldb: 11
> pm_process() returned Yes
> Using binding ncacn_np:host.ipaexample.com[,]
> Mapped to DCERPC endpoint \pipe\lsarpc
> added interface eth0 ip=xxx.xxx.xxx.xxx bcast=xxx.xxx.xxx.xxx netmask=255.255.255.0
> added interface eth0 ip=xxx.xxx.xxx.xxx bcast=xxx.xxx.xxx.xxx netmask=255.255.255.0
> Socket options:
> SO_KEEPALIVE = 0
> SO_REUSEADDR = 0
> SO_BROADCAST = 0
> TCP_NODELAY = 1
> TCP_KEEPCNT = 9
> TCP_KEEPIDLE = 7200
> TCP_KEEPINTVL = 75
> IPTOS_LOWDELAY = 0
> IPTOS_THROUGHPUT = 0
> SO_REUSEPORT = 0
> SO_SNDBUF = 663750
> SO_RCVBUF = 265452
> SO_SNDLOWAT = 1
> SO_RCVLOWAT = 1
> SO_SNDTIMEO = 0
> SO_RCVTIMEO = 0
> TCP_QUICKACK = 1
> TCP_DEFER_ACCEPT = 0
> Starting GENSEC mechanism spnego
> Starting GENSEC submechanism gssapi_krb5
> Ticket in credentials cache for ad...@ipaexample.com will expire in 84015 secs
> gensec_gssapi: NO credentials were delegated
> GSSAPI Connection will be cryptographically sealed
> 
> I've also done an "ipactl restart" to no avail.  Any help would be appreciated.
> 
> -Matt
> 
> 
> Matthew Hanley
> IT Analyst
> Syracuse University
> mwhan...@syr.edu

> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
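
Added example, not part of the original messages: a pre-flight check that runs the `dig SRV` lookup suggested in the thread and reports which locator records are missing before `ipa trust-add` is attempted. Only `_ldap._tcp.<domain>` comes from the thread; the other two names are the standard AD locator records, and the function names are assumptions of this example.

```shell
#!/bin/sh
# Pre-flight check for the SRV records `ipa trust-add` needs to locate AD DCs.
# Only _ldap._tcp.<domain> comes from the thread; the other two names are the
# standard AD locator records and are an assumption of this example.

# Summarise dig output read on stdin as "<status> <answer-count>".
dig_summary() {
    awk '
        /->>HEADER<<-/ { for (i = 1; i < NF; i++) if ($i == "status:") s = $(i + 1) }
        /^;; flags:/   { for (i = 1; i < NF; i++) if ($i == "ANSWER:") a = $(i + 1) }
        END {
            sub(/,$/, "", s); sub(/,$/, "", a)
            if (s == "") s = "UNKNOWN"
            if (a == "") a = 0
            print s, a
        }'
}

# Header lines copied from the NXDOMAIN answer in the message above.
sample_nxdomain() {
    printf '%s\n' \
        ';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 50435' \
        ';; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0'
}

# One lookup, isolated so it can be stubbed when no resolver is reachable.
query_srv() { dig SRV "$1"; }

# Report each locator record; succeed only if every one has answers.
check_ad_srv() {
    domain=$1
    missing=0
    for name in "_ldap._tcp.$domain" "_kerberos._tcp.$domain" "_ldap._tcp.dc._msdcs.$domain"; do
        summary=$(query_srv "$name" | dig_summary)
        status=${summary% *}
        count=${summary#* }
        if [ "$status" = "NOERROR" ] && [ "$count" -gt 0 ]; then
            echo "ok      $name ($count records)"
        else
            echo "MISSING $name (status=$status, answers=$count)"
            missing=$((missing + 1))
        fi
    done
    [ "$missing" -eq 0 ]
}

# Run against a real domain only when one is given on the command line.
if [ "$#" -gt 0 ]; then check_ad_srv "$1"; fi
```

Run it on the IPA server with each candidate AD domain name (here `ad.sbx.local` and `sbx.local`); a name that reports MISSING for every record is either not the AD DNS domain or is not resolvable from that host.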
