Sorry, I've read ipv6.disable=1 in this article http://www.freeipa.org/page/Active_Directory_trust_setup#Prerequisites, I understood wrong this prerequisite and went directly to the next chapter, in my mind I was conviced that IPv6 must be disabled :)
I will try with IPv6 enabled, and then I will tell you if it is ok. Thanks, Morgan 2015-09-09 18:53 GMT+02:00 Alexander Bokovoy <aboko...@redhat.com>: > On Wed, 09 Sep 2015, Morgan Marodin wrote: > >> Hi Alexander >> >> IPv6 stack is disabled on my RHEL like distro, v 7 x64, but is enable on >> my >> WIndows 2012. >> I have read in a freeipa article to disable IPv6. >> > Sorry, and why you did decide to disable IPv6 stack? FreeIPA article > explicitly talks about not disabling IPv6. > > Samba and FreeIPA LDAP code require working IPv6 stack on the machine. > You can have a system without IPv6 addresses but do not disable the > infrastructure. All contemporary networking applications are written > with the idea that you can use IPv6-only functions and work on both IPv4 > and IPv6 at the same time. See ipv6(7) manual page: > > ---- > IPv4 connections can be handled with the v6 API by using the > v4-mapped-on-v6 address type; thus a program needs to support only this > API type to support both protocols. This is handled transparently by the > address handling functions in the C library. > > IPv4 and IPv6 share the local port space. When you get an IPv4 > connection or packet to a IPv6 socket, its source address will be mapped > to v6 and it will be mapped to v6. > ---- > > > > I've 2 Domain Controller with Windows Server 2012 and (at this time) one >> new freeipa server, just installed, in the same network. >> AD REALM is MYDOMAIN.COM and IPA REALM is IPA.MYDOMAIN.COM. >> I've installed bind in IPA that contains only ipa.mydomain.com zone. >> In AD servers is configured mydomain.com zone, with ipa.mydomain.com >> delegation to linux server (192.168.0.65). >> > > > Do you have other question of my setup? >> Let me know, thanks. >> Morgan >> >> >> 2015-09-09 16:01 GMT+02:00 Alexander Bokovoy <aboko...@redhat.com>: >> >> On Wed, 09 Sep 2015, Morgan Marodin wrote: >>> >>> Hi Alexander. >>>> >>>> Ok, after enabling debugging I have these logs: >>>> ------------------------------------------------------------------- >>>> ==> /var/log/httpd/error_log <== >>>> INFO: Current debug levels: >>>> all: 100 >>>> tdb: 100 >>>> printdrivers: 100 >>>> lanman: 100 >>>> smb: 100 >>>> rpc_parse: 100 >>>> rpc_srv: 100 >>>> rpc_cli: 100 >>>> passdb: 100 >>>> sam: 100 >>>> auth: 100 >>>> winbind: 100 >>>> vfs: 100 >>>> idmap: 100 >>>> quota: 100 >>>> acls: 100 >>>> locking: 100 >>>> msdfs: 100 >>>> dmapi: 100 >>>> registry: 100 >>>> scavenger: 100 >>>> dns: 100 >>>> ldb: 100 >>>> pm_process() returned Yes >>>> GENSEC backend 'gssapi_spnego' registered >>>> GENSEC backend 'gssapi_krb5' registered >>>> GENSEC backend 'gssapi_krb5_sasl' registered >>>> GENSEC backend 'sasl-DIGEST-MD5' registered >>>> GENSEC backend 'spnego' registered >>>> GENSEC backend 'schannel' registered >>>> GENSEC backend 'sasl-EXTERNAL' registered >>>> GENSEC backend 'ntlmssp' registered >>>> Using binding ncacn_np:srv01.ipa.mydomain.com[,] >>>> s4_tevent: Added timed event "dcerpc_connect_timeout_handler": >>>> 0x7f8a3c224990 >>>> s4_tevent: Added timed event "composite_trigger": 0x7f8a3c042170 >>>> s4_tevent: Added timed event "composite_trigger": 0x7f8a3c25b4a0 >>>> s4_tevent: Running timer event 0x7f8a3c042170 "composite_trigger" >>>> s4_tevent: Destroying timer event 0x7f8a3c25b4a0 "composite_trigger" >>>> Mapped to DCERPC endpoint \pipe\lsarpc >>>> added interface eth0 ip=192.168.0.65 bcast=192.168.0.255 >>>> netmask=255.255.255.0 >>>> added interface eth0 ip=192.168.0.65 bcast=192.168.0.255 >>>> netmask=255.255.255.0 >>>> >>>> Do you have IPv6 stack enabled? >>> >>> [2015/09/09 08:45:05.032211, 50, pid=11196, effective(0, 0), real(0, 0)] >>> >>>> ../lib/util/tevent_debug.c:63(samba_tevent_debug) >>>> s3_tevent: Schedule immediate event "tevent_req_trigger": >>>> 0x7f7118a92cf0 >>>> [2015/09/09 08:45:05.032282, 50, pid=11196, effective(0, 0), real(0, >>>> 0)] >>>> ../lib/util/tevent_debug.c:63(samba_tevent_debug) >>>> s3_tevent: Run immediate event "tevent_req_trigger": 0x7f7118a92cf0 >>>> [2015/09/09 08:45:05.032353, 4, pid=11196, effective(217400000, >>>> 217400000), real(217400000, 0)] >>>> ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) >>>> pop_sec_ctx (217400000, 217400000) - sec_ctx_stack_ndx = 0 >>>> [2015/09/09 08:45:05.032421, 2, pid=11196, effective(217400000, >>>> 217400000), real(217400000, 0), class=rpc_srv] >>>> ../source3/rpc_server/rpc_ncacn_np.c:630(make_external_rpc_pipe_p) >>>> tstream_npa_connect_recv to /run/samba/ncalrpc/np for pipe lsarpc and >>>> user IPA\admin failed: No such file or directory >>>> >>>> I'm particularly worrying about his one -- /run/samba/ncalrpc/np pipe >>> has to be there. >>> >>> Can you explain what is your setup in detail? >>> >>> -- >>> / Alexander Bokovoy >>> >>> >> >> >> -- >> Morgan Marodin >> email: mor...@marodin.it >> mobile: +39.3477829069 >> > > -- > / Alexander Bokovoy > -- Morgan Marodin email: mor...@marodin.it mobile: +39.3477829069
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project