On Wed, 04 Mar 2015, Ben .T.George wrote:
I found some DNS mismatching while trying to add AD, but that DNS is
not listed anywhere.

That is showing under krb5kdc.log: a CLIENT_NOT_FOUND error message, with
some IP address.

Let me try to re-install everything.

Which is the suggested best software version combination?

Redhat 7 + IPA 3.3, Redhat 7 + IPA 4.1 or Redhat 6.6 + IPA 4.1

RHEL 7.1 provides IPA 4.1, this is the best combination.

I hope it will be released real soon but beta is already available.



On Wed, Mar 4, 2015 at 11:31 AM, Ben .T.George <bentech4...@gmail.com>
wrote:

Hi, I have done tcpdump against the AD IP:

10:21:34.033939 IP kwtpocpbis01.solipa.local.48731 > kwttestdc001.kwttestdc.com.domain: 39643+ SRV? _ldap._tcp.solipa.local. (41)
10:21:34.034530 IP kwttestdc001.kwttestdc.com.domain > kwtpocpbis01.solipa.local.48731: 39643 1/0/1 SRV kwtpocpbis01.solipa.local.:389 0 100 (102)
10:21:38.026794 IP kwtpocpbis01.solipa.local.42160 > kwttestdc001.kwttestdc.com.microsoft-ds: Flags [F.], seq 63944419, ack 521272023, win 165, options [nop,nop,TS val 6918912 ecr 248450971], length 0
10:21:38.027095 IP kwttestdc001.kwttestdc.com.microsoft-ds > kwtpocpbis01.solipa.local.42160: Flags [.], ack 1, win 511, options [nop,nop,TS val 248822622 ecr 6918912], length 0
10:21:38.027517 IP kwttestdc001.kwttestdc.com.microsoft-ds > kwtpocpbis01.solipa.local.42160: Flags [R.], seq 1, ack 1, win 0, length 0
10:21:38.031732 IP kwtpocpbis01.solipa.local.34108 > kwttestdc001.kwttestdc.com.domain: 6437+ SRV? _ldap._tcp.kwttestdc.com. (42)
10:21:38.032554 IP kwttestdc001.kwttestdc.com.domain > kwtpocpbis01.solipa.local.34108: 6437* 1/0/1 SRV kwttestdc001.kwttestdc.com.:389 0 100 (104)
10:21:38.032827 IP kwtpocpbis01.solipa.local.48294 > kwttestdc001.kwttestdc.com.domain: 64621+ AAAA? kwttestdc001.kwttestdc.com. (44)
10:21:38.033191 IP kwttestdc001.kwttestdc.com.domain > kwtpocpbis01.solipa.local.48294: 64621* 0/1/0 (91)
10:21:38.033268 IP kwtpocpbis01.solipa.local.39812 > kwttestdc001.kwttestdc.com.domain: 7211+ AAAA? kwttestdc001.kwttestdc.com. (44)
10:21:38.033797 IP kwttestdc001.kwttestdc.com.domain > kwtpocpbis01.solipa.local.39812: 7211* 0/1/0 (91)
10:21:38.033836 IP kwtpocpbis01.solipa.local.37700 > kwttestdc001.kwttestdc.com.domain: 48543+ A? kwttestdc001.kwttestdc.com. (44)
10:21:38.034193 IP kwttestdc001.kwttestdc.com.domain > kwtpocpbis01.solipa.local.37700: 48543* 1/0/0 A 172.16.104.231 (60)
10:21:38.035587 IP kwtpocpbis01.solipa.local.48384 > kwttestdc001.kwttestdc.com.ldap: UDP, length 82
10:21:38.035925 IP kwttestdc001.kwttestdc.com.ldap > kwtpocpbis01.solipa.local.48384: UDP, length 188
10:21:38.037107 IP kwtpocpbis01.solipa.local.44461 > kwttestdc001.kwttestdc.com.ldap: Flags [S], seq 2172952938, win 14600, options [mss 1460,sackOK,TS val 6918922 ecr 0,nop,wscale 7], length 0
10:21:38.037577 IP kwttestdc001.kwttestdc.com.ldap > kwtpocpbis01.solipa.local.44461: Flags [S.], seq 4067674102, ack 2172952939, win 8192, options [mss 1460,nop,wscale 8,sackOK,TS val 248822623 ecr 6918922], length 0
10:21:38.037594 IP kwtpocpbis01.solipa.local.44461 > kwttestdc001.kwttestdc.com.ldap: Flags [.], ack 1, win 115, options [nop,nop,TS val 6918922 ecr 248822623], length 0
10:21:38.037627 IP kwtpocpbis01.solipa.local.44461 > kwttestdc001.kwttestdc.com.ldap: Flags [P.], seq 1:75, ack 1, win 115, options [nop,nop,TS val 6918922 ecr 248822623], length 74
10:21:38.038501 IP kwttestdc001.kwttestdc.com.ldap > kwtpocpbis01.solipa.local.44461: Flags [.], seq 1:1449, ack 75, win 514, options [nop,nop,TS val 248822623 ecr 6918922], length 1448
10:21:38.038520 IP kwtpocpbis01.solipa.local.44461 > kwttestdc001.kwttestdc.com.ldap: Flags [.], ack 1449, win 137, options [nop,nop,TS val 6918923 ecr 248822623], length 0
10:21:38.038526 IP kwttestdc001.kwttestdc.com.ldap > kwtpocpbis01.solipa.local.44461: Flags [.], seq 1449:2897, ack 75, win 514, options [nop,nop,TS val 248822623 ecr 6918922], length 1448
10:21:38.038534 IP kwtpocpbis01.solipa.local.44461 > kwttestdc001.kwttestdc.com.ldap: Flags [.], ack 2897, win 160, options [nop,nop,TS val 6918923 ecr 248822623], length 0
10:21:38.038703 IP kwttestdc001.kwttestdc.com.ldap > kwtpocpbis01.solipa.local.44461: Flags [P.], seq 2897:3228, ack 75, win 514, options [nop,nop,TS val 248822623 ecr 6918923], length 331
10:21:38.038711 IP kwtpocpbis01.solipa.local.44461 > kwttestdc001.kwttestdc.com.ldap: Flags [.], ack 3228, win 182, options [nop,nop,TS val 6918924 ecr 248822623], length 0
10:21:38.039039 IP kwtpocpbis01.solipa.local.44461 > kwttestdc001.kwttestdc.com.ldap: Flags [P.], seq 75:117, ack 3228, win 182, options [nop,nop,TS val 6918924 ecr 248822623], length 42
10:21:38.039055 IP kwtpocpbis01.solipa.local.44461 > kwttestdc001.kwttestdc.com.ldap: Flags [F.], seq 117, ack 3228, win 182, options [nop,nop,TS val 6918924 ecr 248822623], length 0
10:21:38.039383 IP kwttestdc001.kwttestdc.com.ldap > kwtpocpbis01.solipa.local.44461: Flags [.], ack 118, win 514, options [nop,nop,TS val 248822623 ecr 6918924], length 0
10:21:38.039406 IP kwttestdc001.kwttestdc.com.ldap > kwtpocpbis01.solipa.local.44461: Flags [R.], seq 3228, ack 118, win 0, length 0
10:21:38.042568 IP kwtpocpbis01.solipa.local.42260 > kwttestdc001.kwttestdc.com.microsoft-ds: Flags [S], seq 3200525455, win 14600, options [mss 1460,sackOK,TS val 6918927 ecr 0,nop,wscale 7], length 0
10:21:38.042810 IP kwttestdc001.kwttestdc.com.microsoft-ds > kwtpocpbis01.solipa.local.42260: Flags [S.], seq 2793269455, ack 3200525456, win 8192, options [mss 1460,nop,wscale 8,sackOK,TS val 248822624 ecr 6918927], length 0
10:21:38.042829 IP kwtpocpbis01.solipa.local.42260 > kwttestdc001.kwttestdc.com.microsoft-ds: Flags [.], ack 1, win 115, options [nop,nop,TS val 6918928 ecr 248822624], length 0
10:21:38.043374 IP kwtpocpbis01.solipa.local.42260 > kwttestdc001.kwttestdc.com.microsoft-ds: Flags [P.], seq 1:195, ack 1, win 115, options [nop,nop,TS val 6918928 ecr 248822624], length 194
SMB PACKET: SMBnegprot (REQUEST)
10:21:38.043903 IP kwttestdc001.kwttestdc.com.microsoft-ds > kwtpocpbis01.solipa.local.42260: Flags [P.], seq 1:210, ack 195, win 514, options [nop,nop,TS val 248822624 ecr 6918928], length 209
SMB PACKET: SMBnegprot (REPLY)
10:21:38.043919 IP kwtpocpbis01.solipa.local.42260 > kwttestdc001.kwttestdc.com.microsoft-ds: Flags [.], ack 210, win 123, options [nop,nop,TS val 6918929 ecr 248822624], length 0
10:21:38.044868 IP kwtpocpbis01.solipa.local.42260 > kwttestdc001.kwttestdc.com.microsoft-ds: Flags [P.], seq 195:387, ack 210, win 123, options [nop,nop,TS val 6918930 ecr 248822624], length 192
SMB PACKET: SMBsesssetupX (REQUEST)
10:21:38.045203 IP kwttestdc001.kwttestdc.com.microsoft-ds > kwtpocpbis01.solipa.local.42260: Flags [P.], seq 210:732, ack 387, win 513, options [nop,nop,TS val 248822624 ecr 6918930], length 522
SMB PACKET: SMBsesssetupX (REPLY)
10:21:38.045770 IP kwtpocpbis01.solipa.local.42260 > kwttestdc001.kwttestdc.com.microsoft-ds: Flags [P.], seq 387:905, ack 732, win 131, options [nop,nop,TS val 6918931 ecr 248822624], length 518
SMB PACKET: SMBsesssetupX (REQUEST)
10:21:38.047195 IP kwttestdc001.kwttestdc.com.microsoft-ds > kwtpocpbis01.solipa.local.42260: Flags [P.], seq 732:972, ack 905, win 511, options [nop,nop,TS val 248822624 ecr 6918931], length 240
SMB PACKET: SMBsesssetupX (REPLY)
10:21:38.047568 IP kwtpocpbis01.solipa.local.42260 > kwttestdc001.kwttestdc.com.microsoft-ds: Flags [P.], seq 905:1027, ack 972, win 140, options [nop,nop,TS val 6918932 ecr 248822624], length 122
SMB PACKET: SMBtconX (REQUEST)
10:21:38.047985 IP kwttestdc001.kwttestdc.com.microsoft-ds > kwtpocpbis01.solipa.local.42260: Flags [P.], seq 972:1032, ack 1027, win 511, options [nop,nop,TS val 248822624 ecr 6918932], length 60
SMB PACKET: SMBtconX (REPLY)
10:21:38.048235 IP kwtpocpbis01.solipa.local.42260 > kwttestdc001.kwttestdc.com.microsoft-ds: Flags [P.], seq 1027:1131, ack 1032, win 140, options [nop,nop,TS val 6918933 ecr 248822624], length 104
SMB PACKET: SMBntcreateX (REQUEST)
10:21:38.048698 IP kwttestdc001.kwttestdc.com.microsoft-ds > kwtpocpbis01.solipa.local.42260: Flags [P.], seq 1032:1139, ack 1131, win 511, options [nop,nop,TS val 248822624 ecr 6918933], length 107
SMB PACKET: SMBntcreateX (REPLY)
10:21:38.048989 IP kwtpocpbis01.solipa.local.42260 > kwttestdc001.kwttestdc.com.microsoft-ds: Flags [P.], seq 1131:1291, ack 1139, win 140, options [nop,nop,TS val 6918934 ecr 248822624], length 160
SMB PACKET: SMBtrans (REQUEST)
10:21:38.049378 IP kwttestdc001.kwttestdc.com.microsoft-ds > kwtpocpbis01.solipa.local.42260: Flags [P.], seq 1139:1267, ack 1291, win 510, options [nop,nop,TS val 248822624 ecr 6918934], length 128
SMB PACKET: SMBtrans (REPLY)
10:21:38.050552 IP kwtpocpbis01.solipa.local.42260 > kwttestdc001.kwttestdc.com.microsoft-ds: Flags [P.], seq 1291:1459, ack 1267, win 148, options [nop,nop,TS val 6918935 ecr 248822624], length 168
SMB PACKET: SMBtrans (REQUEST)
10:21:38.050950 IP kwttestdc001.kwttestdc.com.microsoft-ds > kwtpocpbis01.solipa.local.42260: Flags [P.], seq 1267:1375, ack 1459, win 509, options [nop,nop,TS val 248822625 ecr 6918935], length 108
SMB PACKET: SMBtrans (REPLY)
10:21:38.051805 IP kwtpocpbis01.solipa.local.42260 > kwttestdc001.kwttestdc.com.microsoft-ds: Flags [P.], seq 1459:1593, ack 1375, win 148, options [nop,nop,TS val 6918937 ecr 248822625], length 134
SMB PACKET: SMBtrans (REQUEST)
10:21:38.052072 IP kwttestdc001.kwttestdc.com.microsoft-ds > kwtpocpbis01.solipa.local.42260: Flags [P.], seq 1375:1655, ack 1593, win 509, options [nop,nop,TS val 248822625 ecr 6918937], length 280
SMB PACKET: SMBtrans (REPLY)
10:21:38.053560 IP kwtpocpbis01.solipa.local.42260 > kwttestdc001.kwttestdc.com.microsoft-ds: Flags [P.], seq 1593:1727, ack 1655, win 156, options [nop,nop,TS val 6918938 ecr 248822625], length 134
SMB PACKET: SMBtrans (REQUEST)
10:21:38.053875 IP kwttestdc001.kwttestdc.com.microsoft-ds > kwtpocpbis01.solipa.local.42260: Flags [P.], seq 1655:1755, ack 1727, win 514, options [nop,nop,TS val 248822625 ecr 6918938], length 100
SMB PACKET: SMBtrans (REPLY)
10:21:38.060487 IP kwtpocpbis01.solipa.local.42260 > kwttestdc001.kwttestdc.com.microsoft-ds: Flags [P.], seq 1727:1905, ack 1755, win 156, options [nop,nop,TS val 6918945 ecr 248822625], length 178
SMB PACKET: SMBtrans (REQUEST)
10:21:38.061143 IP kwttestdc001.kwttestdc.com.microsoft-ds > kwtpocpbis01.solipa.local.42260: Flags [P.], seq 1755:1999, ack 1905, win 514, options [nop,nop,TS val 248822626 ecr 6918945], length 244
SMB PACKET: SMBtrans (REPLY)
10:21:38.063073 IP kwtpocpbis01.solipa.local.42260 > kwttestdc001.kwttestdc.com.microsoft-ds: Flags [P.], seq 1905:2065, ack 1999, win 165, options [nop,nop,TS val 6918948 ecr 248822626], length 160
SMB PACKET: SMBtrans (REQUEST)
10:21:38.069191 IP kwttestdc001.kwttestdc.com.microsoft-ds > kwtpocpbis01.solipa.local.42260: Flags [P.], seq 1999:2087, ack 2065, win 513, options [nop,nop,TS val 248822626 ecr 6918948], length 88
SMB PACKET: SMBtrans (REPLY)
10:21:38.088743 IP kwtpocpbis01.solipa.local.42260 > kwttestdc001.kwttestdc.com.microsoft-ds: Flags [P.], seq 2065:3421, ack 2087, win 165, options [nop,nop,TS val 6918974 ecr 248822626], length 1356
SMB PACKET: SMBtrans (REQUEST)
10:21:38.203820 IP kwttestdc001.kwttestdc.com.microsoft-ds > kwtpocpbis01.solipa.local.42260: Flags [P.], seq 2087:2195, ack 3421, win 514, options [nop,nop,TS val 248822640 ecr 6918974], length 108
SMB PACKET: SMBtrans (REPLY)
10:21:38.205063 IP kwtpocpbis01.solipa.local.42260 > kwttestdc001.kwttestdc.com.microsoft-ds: Flags [P.], seq 3421:3601, ack 2195, win 165, options [nop,nop,TS val 6919090 ecr 248822640], length 180
SMB PACKET: SMBtrans (REQUEST)
10:21:38.205715 IP kwttestdc001.kwttestdc.com.microsoft-ds > kwtpocpbis01.solipa.local.42260: Flags [P.], seq 2195:2303, ack 3601, win 514, options [nop,nop,TS val 248822640 ecr 6919090], length 108
SMB PACKET: SMBtrans (REPLY)
10:21:38.206634 IP kwtpocpbis01.solipa.local.42260 > kwttestdc001.kwttestdc.com.microsoft-ds: Flags [P.], seq 3601:3741, ack 2303, win 165, options [nop,nop,TS val 6919092 ecr 248822640], length 140
SMB PACKET: SMBtrans (REQUEST)
10:21:38.209567 IP kwttestdc001.kwttestdc.com.microsoft-ds > kwtpocpbis01.solipa.local.42260: Flags [P.], seq 2303:2391, ack 3741, win 513, options [nop,nop,TS val 248822640 ecr 6919092], length 88
SMB PACKET: SMBtrans (REPLY)
10:21:38.210883 IP kwtpocpbis01.solipa.local.42260 > kwttestdc001.kwttestdc.com.microsoft-ds: Flags [P.], seq 3741:3997, ack 2391, win 165, options [nop,nop,TS val 6919096 ecr 248822640], length 256
SMB PACKET: SMBtrans (REQUEST)
10:21:38.290133 IP kwttestdc001.kwttestdc.com.microsoft-ds > kwtpocpbis01.solipa.local.42260: Flags [P.], seq 2391:2479, ack 3997, win 512, options [nop,nop,TS val 248822647 ecr 6919096], length 88
SMB PACKET: SMBtrans (REPLY)
10:21:38.291716 IP kwtpocpbis01.solipa.local.42260 > kwttestdc001.kwttestdc.com.microsoft-ds: Flags [P.], seq 3997:4262, ack 2479, win 165, options [nop,nop,TS val 6919177 ecr 248822647], length 265
SMB PACKET: SMBtrans (REQUEST)
10:21:38.294583 IP kwttestdc001.kwttestdc.com.microsoft-ds > kwtpocpbis01.solipa.local.42260: Flags [P.], seq 2479:2571, ack 4262, win 511, options [nop,nop,TS val 248822649 ecr 6919177], length 92
SMB PACKET: SMBtrans (REPLY)
10:21:38.333630 IP kwtpocpbis01.solipa.local.42260 > kwttestdc001.kwttestdc.com.microsoft-ds: Flags [.], ack 2571, win 165, options [nop,nop,TS val 6919219 ecr 248822649], length 0
10:21:38.713471 IP kwtpocpbis01.solipa.local.42261 > kwttestdc001.kwttestdc.com.microsoft-ds: Flags [S], seq 1205005628, win 14600, options [mss 1460,sackOK,TS val 6919598 ecr 0,nop,wscale 7], length 0
10:21:38.713838 IP kwttestdc001.kwttestdc.com.microsoft-ds > kwtpocpbis01.solipa.local.42261: Flags [S.], seq 3996989028, ack 1205005629, win 8192, options [mss 1460,nop,wscale 8,sackOK,TS val 248822691 ecr 6919598], length 0
10:21:38.713861 IP kwtpocpbis01.solipa.local.42261 > kwttestdc001.kwttestdc.com.microsoft-ds: Flags [.], ack 1, win 115, options [nop,nop,TS val 6919599 ecr 248822691], length 0
10:21:38.714196 IP kwtpocpbis01.solipa.local.42261 > kwttestdc001.kwttestdc.com.microsoft-ds: Flags [P.], seq 1:195, ack 1, win 115, options [nop,nop,TS val 6919599 ecr 248822691], length 194
SMB PACKET: SMBnegprot (REQUEST)
10:21:38.714773 IP kwttestdc001.kwttestdc.com.microsoft-ds > kwtpocpbis01.solipa.local.42261: Flags [P.], seq 1:210, ack 195, win 514, options [nop,nop,TS val 248822691 ecr 6919599], length 209
SMB PACKET: SMBnegprot (REPLY)
10:21:38.714787 IP kwtpocpbis01.solipa.local.42261 > kwttestdc001.kwttestdc.com.microsoft-ds: Flags [.], ack 210, win 123, options [nop,nop,TS val 6919600 ecr 248822691], length 0
10:21:38.715561 IP kwtpocpbis01.solipa.local.42261 > kwttestdc001.kwttestdc.com.microsoft-ds: Flags [P.], seq 195:387, ack 210, win 123, options [nop,nop,TS val 6919600 ecr 248822691], length 192
SMB PACKET: SMBsesssetupX (REQUEST)
10:21:38.715981 IP kwttestdc001.kwttestdc.com.microsoft-ds > kwtpocpbis01.solipa.local.42261: Flags [P.], seq 210:732, ack 387, win 513, options [nop,nop,TS val 248822691 ecr 6919600], length 522
SMB PACKET: SMBsesssetupX (REPLY)
10:21:38.716465 IP kwtpocpbis01.solipa.local.42261 > kwttestdc001.kwttestdc.com.microsoft-ds: Flags [P.], seq 387:905, ack 732, win 131, options [nop,nop,TS val 6919601 ecr 248822691], length 518
SMB PACKET: SMBsesssetupX (REQUEST)
10:21:38.718165 IP kwttestdc001.kwttestdc.com.microsoft-ds > kwtpocpbis01.solipa.local.42261: Flags [P.], seq 732:972, ack 905, win 511, options [nop,nop,TS val 248822691 ecr 6919601], length 240
SMB PACKET: SMBsesssetupX (REPLY)
10:21:38.718455 IP kwtpocpbis01.solipa.local.42261 > kwttestdc001.kwttestdc.com.microsoft-ds: Flags [P.], seq 905:1027, ack 972, win 140, options [nop,nop,TS val 6919603 ecr 248822691], length 122
SMB PACKET: SMBtconX (REQUEST)
10:21:38.718773 IP kwttestdc001.kwttestdc.com.microsoft-ds > kwtpocpbis01.solipa.local.42261: Flags [P.], seq 972:1032, ack 1027, win 511, options [nop,nop,TS val 248822691 ecr 6919603], length 60
SMB PACKET: SMBtconX (REPLY)
10:21:38.719028 IP kwtpocpbis01.solipa.local.42261 > kwttestdc001.kwttestdc.com.microsoft-ds: Flags [P.], seq 1027:1135, ack 1032, win 140, options [nop,nop,TS val 6919604 ecr 248822691], length 108
SMB PACKET: SMBntcreateX (REQUEST)
10:21:38.719404 IP kwttestdc001.kwttestdc.com.microsoft-ds > kwtpocpbis01.solipa.local.42261: Flags [P.], seq 1032:1139, ack 1135, win 511, options [nop,nop,TS val 248822691 ecr 6919604], length 107
SMB PACKET: SMBntcreateX (REPLY)
10:21:38.719791 IP kwtpocpbis01.solipa.local.42261 > kwttestdc001.kwttestdc.com.microsoft-ds: Flags [P.], seq 1135:1295, ack 1139, win 140, options [nop,nop,TS val 6919605 ecr 248822691], length 160
SMB PACKET: SMBtrans (REQUEST)
10:21:38.720098 IP kwttestdc001.kwttestdc.com.microsoft-ds > kwtpocpbis01.solipa.local.42261: Flags [P.], seq 1139:1267, ack 1295, win 510, options [nop,nop,TS val 248822691 ecr 6919605], length 128
SMB PACKET: SMBtrans (REPLY)
10:21:38.720995 IP kwtpocpbis01.solipa.local.42261 > kwttestdc001.kwttestdc.com.microsoft-ds: Flags [P.], seq 1295:1465, ack 1267, win 148, options [nop,nop,TS val 6919606 ecr 248822691], length 170
SMB PACKET: SMBtrans (REQUEST)
10:21:38.721306 IP kwttestdc001.kwttestdc.com.microsoft-ds > kwtpocpbis01.solipa.local.42261: Flags [P.], seq 1267:1395, ack 1465, win 509, options [nop,nop,TS val 248822692 ecr 6919606], length 128
SMB PACKET: SMBtrans (REPLY)
10:21:38.722086 IP kwtpocpbis01.solipa.local.42261 > kwttestdc001.kwttestdc.com.microsoft-ds: Flags [F.], seq 1465, ack 1395, win 156, options [nop,nop,TS val 6919607 ecr 248822692], length 0
10:21:38.722665 IP kwttestdc001.kwttestdc.com.microsoft-ds > kwtpocpbis01.solipa.local.42261: Flags [.], ack 1466, win 509, options [nop,nop,TS val 248822692 ecr 6919607], length 0
10:21:38.722735 IP kwttestdc001.kwttestdc.com.microsoft-ds > kwtpocpbis01.solipa.local.42261: Flags [R.], seq 1395, ack 1466, win 0, length 0



On Wed, Mar 4, 2015 at 10:07 AM, Alexander Bokovoy <aboko...@redhat.com>
wrote:

On Wed, 04 Mar 2015, Ben .T.George wrote:

Hi,

I have re-installed IPA with the latest 4.1 version.

I installed the packages using the
https://copr.fedoraproject.org/coprs/mkosek/freeipa/ repos.

# ipa-server-install went successfully without any error, and it says the
same in the log files.

[root@kwtpocpbis01 ~]# kinit admin
Password for admin@SOLIPA.LOCAL:
[root@kwtpocpbis01 ~]# klist
Ticket cache: KEYRING:persistent:0:0
Default principal: admin@SOLIPA.LOCAL

Valid starting       Expires              Service principal
03/04/2015 08:36:55  03/05/2015 08:36:51  krbtgt/SOLIPA.LOCAL@SOLIPA.LOCAL
[root@kwtpocpbis01 ~]# geten
getenforce  getent
[root@kwtpocpbis01 ~]# getent passwd admin
admin:*:4400000:4400000:Administrator:/home/admin:/bin/bash


# ipa-adtrust-install --netbios-name=SOLIPA -a Passw0rd also went
successfully.

DNS is working fine as expected.

[root@kwtpocpbis01 ~]# dig SRV _ldap._tcp.kwttestdc.com

; <<>> DiG 9.9.4-RedHat-9.9.4-20.el7.centos.pkcs11 <<>> SRV _ldap._tcp.kwttestdc.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26944
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;_ldap._tcp.kwttestdc.com.      IN      SRV

;; ANSWER SECTION:
_ldap._tcp.kwttestdc.com. 600   IN      SRV     0 100 389 kwttestdc001.kwttestdc.com.

;; ADDITIONAL SECTION:
kwttestdc001.kwttestdc.com. 3600 IN     A       172.16.104.231

;; Query time: 0 msec
;; SERVER: 172.16.104.231#53(172.16.104.231)
;; WHEN: Wed Mar 04 08:41:26 AST 2015
;; MSG SIZE  rcvd: 115

[root@kwtpocpbis01 ~]# dig SRV _ldap._tcp.solipa.local

; <<>> DiG 9.9.4-RedHat-9.9.4-20.el7.centos.pkcs11 <<>> SRV _ldap._tcp.solipa.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6196
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;_ldap._tcp.solipa.local.       IN      SRV

;; ANSWER SECTION:
_ldap._tcp.solipa.local. 11944  IN      SRV     0 100 389 kwtpocpbis01.solipa.local.

;; ADDITIONAL SECTION:
kwtpocpbis01.solipa.local. 1200 IN      A       172.16.107.244

;; Query time: 2 msec
;; SERVER: 172.16.104.231#53(172.16.104.231)
;; WHEN: Wed Mar 04 08:41:34 AST 2015
;; MSG SIZE  rcvd: 113

But when I try to trust add AD, I am getting an error:

[root@kwtpocpbis01 ~]# ipa trust-add --type=ad kwttestdc.com --admin adm-ben.george --password
Active Directory domain administrator's password:
ipa: ERROR: AD DC was unable to reach any IPA domain controller. Most likely it is a DNS or firewall issue

I checked the firewall status on both IPA and AD, and it was in the off
state.

You really need to find out what is wrong between AD and IPA. The
message above is based on what AD DC reports back to IPA when it tried
to validate the trust and was not able to contact IPA DCs.

We cannot influence this part ourselves, as AD DC uses SRV records in
DNS to find out which domain controller to contact and if it fails to
contact us for any reason (firewall, DNS is broken from AD DC
perspective, routing brings it to a different IP address, etc), it will
complain like that and never proceed.

You may try to run tcpdump or wireshark and see what happens on the
network at the time of 'ipa trust-add', specifically, whom AD DC is
talking to and where it takes a DNS record.

--
/ Alexander Bokovoy




--
/ Alexander Bokovoy
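
Added example (not part of the original thread and not FreeIPA code): a small Python parser for tcpdump's one-line DNS output, of the kind posted above, that pairs each SRV query with its reply and reports names that were never queried, got no usable answer, or point at the wrong host. The first four sample lines are the SRV exchange from the capture in this thread; the last two sample lines, the _msdcs and _kerberos names, the expected targets and all function names are assumptions made for illustration.

```python
import re

# tcpdump one-line DNS output without -n, so port 53 is printed as "domain".
QUERY = re.compile(
    r"^\S+ IP (?P<client>\S+)\.(?P<port>\d+) > (?P<server>\S+)\.domain: "
    r"(?P<id>\d+)\S* (?P<qtype>[A-Z]+)\? (?P<qname>\S+) \(\d+\)$")
REPLY = re.compile(
    r"^\S+ IP (?P<server>\S+)\.domain > (?P<client>\S+)\.(?P<port>\d+): "
    r"(?P<id>\d+)(?: (?P<rcode>[A-Za-z]+))?[*|$-]* (?P<an>\d+)/\d+/\d+"
    r"(?: (?P<answer>.+))? \(\d+\)$")

# Lines 1-4: SRV exchange from the capture in this thread (mail markup stripped).
# Lines 5-6: constructed for this example (a lookup that fails with NXDomain).
CAPTURE = """\
10:21:34.033939 IP kwtpocpbis01.solipa.local.48731 > kwttestdc001.kwttestdc.com.domain: 39643+ SRV? _ldap._tcp.solipa.local. (41)
10:21:34.034530 IP kwttestdc001.kwttestdc.com.domain > kwtpocpbis01.solipa.local.48731: 39643 1/0/1 SRV kwtpocpbis01.solipa.local.:389 0 100 (102)
10:21:38.031732 IP kwtpocpbis01.solipa.local.34108 > kwttestdc001.kwttestdc.com.domain: 6437+ SRV? _ldap._tcp.kwttestdc.com. (42)
10:21:38.032554 IP kwttestdc001.kwttestdc.com.domain > kwtpocpbis01.solipa.local.34108: 6437* 1/0/1 SRV kwttestdc001.kwttestdc.com.:389 0 100 (104)
10:21:39.000100 IP kwtpocpbis01.solipa.local.40112 > kwttestdc001.kwttestdc.com.domain: 1111+ SRV? _ldap._tcp.dc._msdcs.solipa.local. (51)
10:21:39.000600 IP kwttestdc001.kwttestdc.com.domain > kwtpocpbis01.solipa.local.40112: 1111 NXDomain 0/1/0 (126)
""".splitlines()

# Assumed expectations for the IPA domain in this thread (illustrative values).
DNS_SERVERS = {"kwttestdc001.kwttestdc.com"}
EXPECTED = {
    "_ldap._tcp.solipa.local.": "kwtpocpbis01.solipa.local.:389",
    "_ldap._tcp.dc._msdcs.solipa.local.": "kwtpocpbis01.solipa.local.:389",
    "_kerberos._tcp.solipa.local.": "kwtpocpbis01.solipa.local.:88",
}

def dns_lookups(lines):
    """Pair each DNS query with its reply, keyed by (client, port, server, id)."""
    pending, done = {}, []
    for line in lines:
        line = line.strip()
        q = QUERY.match(line)
        if q:
            key = (q["client"], q["port"], q["server"], q["id"])
            pending[key] = {"client": q["client"], "server": q["server"],
                            "qtype": q["qtype"], "qname": q["qname"],
                            "answered": False, "rcode": None, "answer": None}
            continue
        r = REPLY.match(line)
        if r:
            rec = pending.pop((r["client"], r["port"], r["server"], r["id"]), None)
            if rec:
                rec.update(answered=True, rcode=r["rcode"] or "NOERROR",
                           answer=r["answer"])
                done.append(rec)
    return done + list(pending.values())  # queries with no reply come last

def check_srv(lookups, expected, dns_servers):
    """Return one problem string per SRV name that did not resolve as expected."""
    problems = []
    for name, want in expected.items():
        hits = [l for l in lookups if l["qtype"] == "SRV" and l["qname"] == name]
        if not hits:
            problems.append(f"{name}: never queried in this capture")
        for l in hits:
            if l["server"] not in dns_servers:
                problems.append(f"{name}: asked unexpected DNS server {l['server']}")
            if not l["answered"]:
                problems.append(f"{name}: no reply from {l['server']}")
            elif l["rcode"] != "NOERROR" or not l["answer"]:
                problems.append(f"{name}: {l['rcode']}, no SRV answer from {l['server']}")
            else:
                m = re.match(r"SRV (\S+:\d+) ", l["answer"])
                got = m.group(1) if m else l["answer"]
                if got != want:
                    problems.append(f"{name}: points to {got}, expected {want}")
    return problems

if __name__ == "__main__":
    for problem in check_srv(dns_lookups(CAPTURE), EXPECTED, DNS_SERVERS):
        print(problem)
```

The same check is most useful on a capture taken where the AD DC's own lookups are visible, since that is the side whose view of DNS decides whether trust validation succeeds.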
