On Fri, 04 Apr 2014, Redmond, Stacy wrote:
We will be using unix as the Kerberos realm and unix.sbx.local as the
domain so we can use srv records for the unix hosts to point at ipa.
The AD domain is sbx.local; here is the output using the AD domain:

[root@linuxtest1 ~]# ipa trust-add --type=ad sbx.local --admin Administrator --password
Active directory domain administrator's password:
ipa: ERROR: Cannot find specified domain or server name
[root@linuxtest1 ~]# cat /var/log/httpd/error_log
lpcfg_load: refreshing parameters from /usr/share/ipa/smb.conf.empty
params.c:pm_process() - Processing configuration file
"/usr/share/ipa/smb.conf.empty"
Processing section "[global]"
INFO: Current debug levels:
 all: 100
 tdb: 100
 printdrivers: 100
 lanman: 100
 smb: 100
 rpc_parse: 100
 rpc_srv: 100
 rpc_cli: 100
 passdb: 100
 sam: 100
 auth: 100
 winbind: 100
 vfs: 100
 idmap: 100
 quota: 100
 acls: 100
 locking: 100
 msdfs: 100
 dmapi: 100
 registry: 100
pm_process() returned Yes
Using binding ncacn_np:linuxtest1.unix.sbx.local[,]
^^ talking to IPA host's smbd process.

tevent: Added timed event "dcerpc_connect_timeout_handler":
0x7facb82e9d30
tevent: Added timed event "composite_trigger": 0x7facb80a8de0
tevent: Added timed event "composite_trigger": 0x7facb80a9710
tevent: Running timer event 0x7facb80a8de0 "composite_trigger"
tevent: Destroying timer event 0x7facb80a9710 "composite_trigger"
Mapped to DCERPC endpoint \pipe\lsarpc
added interface eth0 ip=10.130.82.68 bcast=10.130.82.255
netmask=255.255.255.0
added interface eth0 ip=10.130.82.68 bcast=10.130.82.255
netmask=255.255.255.0
tevent: Ending timer event 0x7facb80a8de0 "composite_trigger"
tevent: Added timed event "connect_multi_timer": 0x7facb81bf0e0
tevent: Schedule immediate event "tevent_req_trigger": 0x7facb81bfa10
tevent: Run immediate event "tevent_req_trigger": 0x7facb81bfa10
tevent: Destroying timer event 0x7facb81bf0e0 "connect_multi_timer"
Socket options:
       SO_KEEPALIVE = 0
       SO_REUSEADDR = 0
       SO_BROADCAST = 0
       TCP_NODELAY = 1
       TCP_KEEPCNT = 9
       TCP_KEEPIDLE = 7200
       TCP_KEEPINTVL = 75
       IPTOS_LOWDELAY = 0
       IPTOS_THROUGHPUT = 0
       SO_REUSEPORT = 0
       SO_SNDBUF = 169160
       SO_RCVBUF = 87380
       SO_SNDLOWAT = 1
       SO_RCVLOWAT = 1
       SO_SNDTIMEO = 0
       SO_RCVTIMEO = 0
       TCP_QUICKACK = 1
       TCP_DEFER_ACCEPT = 0
tevent: Added timed event "tevent_req_timedout": 0x7facb814b930
tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7facb8156ab0
tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7facb8156ab0
tevent: Destroying timer event 0x7facb814b930 "tevent_req_timedout"
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Ticket in credentials cache for admin@UNIX will expire in 31325 secs
tevent: Added timed event "tevent_req_timedout": 0x7facb82715b0
tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7facb8156ab0
tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7facb8156ab0
tevent: Destroying timer event 0x7facb82715b0 "tevent_req_timedout"
gensec_gssapi: NO credentials were delegated
GSSAPI Connection will be cryptographically sealed
tevent: Added timed event "tevent_req_timedout": 0x7facb814c340
tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7facb8156ab0
tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7facb8156ab0
tevent: Destroying timer event 0x7facb814c340 "tevent_req_timedout"
tevent: Added timed event "tevent_req_timedout": 0x7facb814c340
tevent: Schedule immediate event "tevent_queue_immediate_trigger":
0x7facb8156ab0
tevent: Run immediate event "tevent_queue_immediate_trigger":
0x7facb8156ab0
tevent: Destroying timer event 0x7facb814c340 "tevent_req_timedout"
tevent: Destroying timer event 0x7facb82e9d30
"dcerpc_connect_timeout_handler"
^^ stopped just short of authenticating to smbd prior to asking it for
informational policy about the domain.

This means there is some problem in what smbd thinks about your
admin@UNIX account.

Can you do the following:

# for i in /var/log/samba/log.* ; do echo > $i ; done
# smbcontrol all debug 100
# kinit admin@UNIX
# ipa trust-add sbx.local ....
# smbcontrol all debug 1

Now archive the logs in /var/log/samba/log.* and send them to me privately.

--
/ Alexander Bokovoy
