On Wed, 09 Sep 2015, Morgan Marodin wrote:
Hi Alexander

IPv6 stack is disabled on my RHEL like distro, v 7 x64, but is enable on my
WIndows 2012.
I have read in a freeipa article to disable IPv6.
Sorry, and why you did decide to disable IPv6 stack? FreeIPA article
explicitly talks about not disabling IPv6.

Samba and FreeIPA LDAP code require working IPv6 stack on the machine.
You can have a system without IPv6 addresses but do not disable the
infrastructure. All contemporary networking applications are written
with the idea that you can use IPv6-only functions and work on both IPv4
and IPv6 at the same time. See ipv6(7) manual page:

----
IPv4 connections can be handled with the v6 API by using the
v4-mapped-on-v6 address type; thus a program needs to support only this
API type to support both protocols. This is handled transparently by the
address handling functions in the C library.

IPv4 and IPv6 share the local port space.  When you get an IPv4
connection or packet to a IPv6 socket, its source address will be mapped
to v6 and it will be mapped to v6.
----


I've 2 Domain Controller with Windows Server 2012 and (at this time) one
new freeipa server, just installed, in the same network.
AD REALM is MYDOMAIN.COM and IPA REALM is IPA.MYDOMAIN.COM.
I've installed bind in IPA that contains only ipa.mydomain.com zone.
In AD servers is configured mydomain.com zone, with ipa.mydomain.com
delegation to linux server (192.168.0.65).


Do you have other question of my setup?
Let me know, thanks.
Morgan


2015-09-09 16:01 GMT+02:00 Alexander Bokovoy <aboko...@redhat.com>:

On Wed, 09 Sep 2015, Morgan Marodin wrote:

Hi Alexander.

Ok, after enabling debugging I have these logs:
-------------------------------------------------------------------
==> /var/log/httpd/error_log <==
INFO: Current debug levels:
 all: 100
 tdb: 100
 printdrivers: 100
 lanman: 100
 smb: 100
 rpc_parse: 100
 rpc_srv: 100
 rpc_cli: 100
 passdb: 100
 sam: 100
 auth: 100
 winbind: 100
 vfs: 100
 idmap: 100
 quota: 100
 acls: 100
 locking: 100
 msdfs: 100
 dmapi: 100
 registry: 100
 scavenger: 100
 dns: 100
 ldb: 100
pm_process() returned Yes
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'sasl-DIGEST-MD5' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
Using binding ncacn_np:srv01.ipa.mydomain.com[,]
s4_tevent: Added timed event "dcerpc_connect_timeout_handler":
0x7f8a3c224990
s4_tevent: Added timed event "composite_trigger": 0x7f8a3c042170
s4_tevent: Added timed event "composite_trigger": 0x7f8a3c25b4a0
s4_tevent: Running timer event 0x7f8a3c042170 "composite_trigger"
s4_tevent: Destroying timer event 0x7f8a3c25b4a0 "composite_trigger"
Mapped to DCERPC endpoint \pipe\lsarpc
added interface eth0 ip=192.168.0.65 bcast=192.168.0.255
netmask=255.255.255.0
added interface eth0 ip=192.168.0.65 bcast=192.168.0.255
netmask=255.255.255.0

Do you have IPv6 stack enabled?

[2015/09/09 08:45:05.032211, 50, pid=11196, effective(0, 0), real(0, 0)]
../lib/util/tevent_debug.c:63(samba_tevent_debug)
 s3_tevent: Schedule immediate event "tevent_req_trigger": 0x7f7118a92cf0
[2015/09/09 08:45:05.032282, 50, pid=11196, effective(0, 0), real(0, 0)]
../lib/util/tevent_debug.c:63(samba_tevent_debug)
 s3_tevent: Run immediate event "tevent_req_trigger": 0x7f7118a92cf0
[2015/09/09 08:45:05.032353,  4, pid=11196, effective(217400000,
217400000), real(217400000, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx)
 pop_sec_ctx (217400000, 217400000) - sec_ctx_stack_ndx = 0
[2015/09/09 08:45:05.032421,  2, pid=11196, effective(217400000,
217400000), real(217400000, 0), class=rpc_srv]
../source3/rpc_server/rpc_ncacn_np.c:630(make_external_rpc_pipe_p)
 tstream_npa_connect_recv  to /run/samba/ncalrpc/np for pipe lsarpc and
user IPA\admin failed: No such file or directory

I'm particularly worrying about his one -- /run/samba/ncalrpc/np pipe
has to be there.

Can you explain what is your setup in detail?

--
/ Alexander Bokovoy




--
Morgan Marodin
email: mor...@marodin.it
mobile: +39.3477829069

--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to