Hi, I have re-installed IPA with the latest 4.1 version.

Installed packages by using the https://copr.fedoraproject.org/coprs/mkosek/freeipa/ repos.

# ipa-server-install went successfully without any error, and it says the same in the log files.

    [root@kwtpocpbis01 ~]# kinit admin
    Password for [email protected]:
    [root@kwtpocpbis01 ~]# klist
    Ticket cache: KEYRING:persistent:0:0
    Default principal: [email protected]

    Valid starting       Expires              Service principal
    03/04/2015 08:36:55  03/05/2015 08:36:51  krbtgt/[email protected]
    [root@kwtpocpbis01 ~]# geten
    getenforce  getent
    [root@kwtpocpbis01 ~]# getent passwd admin
    admin:*:4400000:4400000:Administrator:/home/admin:/bin/bash

    # ipa-adtrust-install --netbios-name=SOLIPA -a Passw0rd

also went successfully.

DNS is working fine as expected.

    [root@kwtpocpbis01 ~]# dig SRV _ldap._tcp.kwttestdc.com

    ; <<>> DiG 9.9.4-RedHat-9.9.4-20.el7.centos.pkcs11 <<>> SRV _ldap._tcp.kwttestdc.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26944
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4000
    ;; QUESTION SECTION:
    ;_ldap._tcp.kwttestdc.com. IN SRV

    ;; ANSWER SECTION:
    _ldap._tcp.kwttestdc.com. 600 IN SRV 0 100 389 kwttestdc001.kwttestdc.com.

    ;; ADDITIONAL SECTION:
    kwttestdc001.kwttestdc.com. 3600 IN A 172.16.104.231

    ;; Query time: 0 msec
    ;; SERVER: 172.16.104.231#53(172.16.104.231)
    ;; WHEN: Wed Mar 04 08:41:26 AST 2015
    ;; MSG SIZE rcvd: 115

    [root@kwtpocpbis01 ~]# dig SRV _ldap._tcp.solipa.local

    ; <<>> DiG 9.9.4-RedHat-9.9.4-20.el7.centos.pkcs11 <<>> SRV _ldap._tcp.solipa.local
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6196
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4000
    ;; QUESTION SECTION:
    ;_ldap._tcp.solipa.local. IN SRV

    ;; ANSWER SECTION:
    _ldap._tcp.solipa.local. 11944 IN SRV 0 100 389 kwtpocpbis01.solipa.local.

    ;; ADDITIONAL SECTION:
    kwtpocpbis01.solipa.local. 1200 IN A 172.16.107.244

    ;; Query time: 2 msec
    ;; SERVER: 172.16.104.231#53(172.16.104.231)
    ;; WHEN: Wed Mar 04 08:41:34 AST 2015
    ;; MSG SIZE rcvd: 113

But when I try to add the AD trust, I am getting an error:

    [root@kwtpocpbis01 ~]# ipa trust-add --type=ad kwttestdc.com --admin adm-ben.george --password
    Active Directory domain administrator's password:
    ipa: ERROR: AD DC was unable to reach any IPA domain controller. Most likely it is a DNS or firewall issue

I checked the firewall status on both IPA and AD, and it was in the off state.

Below is the error I got in httpd/error_log while trying the AD trust:

    [Wed Mar 04 08:50:30.784320 2015] [:error] [pid 6138] ipa: INFO: [jsonserver_session] [email protected]: trust_add(u'kwttestdc.com', trust_type=u'ad', realm_admin=u'adm-ben.george', realm_passwd=u'********', all=False, raw=False, version=u'2.113'): RemoteRetrieveError

I have enabled debugging on SM, and I am attaching the logs from Samba here. The logs can also be downloaded from here: https://app.box.com/s/6bx9cgozjyb8h96wx7j6ovvz9w8cp4yl

How can I fix this issue?

Thanks & Regards,
Ben
ipa.tar
Description: Unix tar archive
