Hello all !

I have deployed test environment for AD trust feature, the environment
contains :
Windows Server 2008 - AD Server.
RHEL 7 - IPA 3.3 Server.
RHEL  6.2 - IPA Client.

I have established the trust as IPA in the sub domain of AD.
AD DNS domain - blue.com
IPA DNS domain - linux.blue.com

All was working fine as i was able to kinit with AD users:

[root@ipaserver1 ~]# kinit y...@blue.com
Password for y...@blue.com:

[root@ipaserver1 ~]# klist
Ticket cache: KEYRING:persistent:0:krb_ccache_oi15FrE
Default principal: y...@blue.com

Valid starting       Expires              Service principal
09/16/2014 01:00:25  09/16/2014 11:00:25  krbtgt/blue....@blue.com
        renew until 09/17/2014 01:00:20

But after i rebooted the Windows Server Machine, i could not kinit with AD
users anymore:
[root@ipaserver1 ~]# kinit y...@blue.com
kinit:  Cannot resolve servers for KDC in realm "BLUE.COM" while getting
initial

I have checked if all the IPA services where UP:

[root@ipaserver1 ~]# ipactl status
Directory Service: RUNNING
krb5kdc Service: RUNNING
kadmin Service: RUNNING
named Service: RUNNING
ipa_memcached Service: RUNNING
httpd Service: RUNNING
pki-tomcatd Service: RUNNING
smb Service: RUNNING
winbind Service: RUNNING
ipa-otpd Service: RUNNING
ipa: INFO: The ipactl command was successful

After i restarted IPA services (ipactl restart), i was able to to kinit
again.
Restarting smb service would do the job as well (?).

Just wanted to know if it is a know issue, or the AD should be re
discovered if it reboots.
I think i seen an issue about it in the mailing list some time ago (not
sure).

I did not increase the debug level and got the logs.
But i can share the ipa and sssd version:

rpm -qa | grep ipa
ipa-server-3.3.3-28.el7_0.1.x86_64
python-iniparse-0.4-9.el7.noarch
libipa_hbac-1.11.2-68.el7_0.5.x86_64
ipa-admintools-3.3.3-28.el7_0.1.x86_64
ipa-server-trust-ad-3.3.3-28.el7_0.1.x86_64
ipa-python-3.3.3-28.el7_0.1.x86_64
sssd-ipa-1.11.2-68.el7_0.5.x86_64
iniparser-3.1-5.el7.x86_64
libipa_hbac-python-1.11.2-68.el7_0.5.x86_64
ipa-client-3.3.3-28.el7_0.1.x86_64

rpm -qa | grep sssd
sssd-krb5-common-1.11.2-68.el7_0.5.x86_64
sssd-ldap-1.11.2-68.el7_0.5.x86_64
sssd-common-1.11.2-68.el7_0.5.x86_64
sssd-common-pac-1.11.2-68.el7_0.5.x86_64
sssd-ad-1.11.2-68.el7_0.5.x86_64
sssd-krb5-1.11.2-68.el7_0.5.x86_64
sssd-1.11.2-68.el7_0.5.x86_64
python-sssdconfig-1.11.2-68.el7_0.5.noarch
sssd-ipa-1.11.2-68.el7_0.5.x86_64
sssd-proxy-1.11.2-68.el7_0.5.x86_64
sssd-client-1.11.2-68.el7_0.5.x86_64

 Thanks for all the helpers.
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to