Alexander, here you go.
One thing that came to mind that might the a problem. My Active directory is 
adserver.addomain.comwhile IPA is ipax1.ipadomain; there is no suffix. Not sure 
if that would matter. 
Anyway here is the log as requested. 
Thank you.

 net ads lookup -d 10 -S  dc.addomain.comINFO: Current debug levels:  all: 10  
tdb: 10  printdrivers: 10  lanman: 10  smb: 10  rpc_parse: 10  rpc_srv: 10  
rpc_cli: 10  passdb: 10  sam: 10  auth: 10  winbind: 10  vfs: 10  idmap: 10  
quota: 10  acls: 10  locking: 10  msdfs: 10  dmapi: 10  registry: 10  
scavenger: 10  dns: 10  ldb: 10lp_load_ex: refreshing parametersInitialising 
global parametersrlimit_max: increasing rlimit_max (1024) to minimum Windows 
limit (16384)INFO: Current debug levels:  all: 10  tdb: 10  printdrivers: 10  
lanman: 10  smb: 10  rpc_parse: 10  rpc_srv: 10  rpc_cli: 10  passdb: 10  sam: 
10  auth: 10  winbind: 10  vfs: 10  idmap: 10  quota: 10  acls: 10  locking: 10 
 msdfs: 10  dmapi: 10  registry: 10  scavenger: 10  dns: 10  ldb: 10Processing 
section "[global]"doing parameter debug pid = yesdoing parameter config backend 
= registrypm_process() returned Yeslp_load_ex: changing to config backend 
registryFreeing parametrics:Initialising global parametersrlimit_max: 
increasing rlimit_max (1024) to minimum Windows limit (16384)INFO: Current 
debug levels:  all: 10  tdb: 10  printdrivers: 10  lanman: 10  smb: 10  
rpc_parse: 10  rpc_srv: 10  rpc_cli: 10  passdb: 10  sam: 10  auth: 10  
winbind: 10  vfs: 10  idmap: 10  quota: 10  acls: 10  locking: 10  msdfs: 10  
dmapi: 10  registry: 10  scavenger: 10  dns: 10  ldb: 10lp_load_ex: refreshing 
parametersInitialising global parametersrlimit_max: increasing rlimit_max 
(1024) to minimum Windows limit (16384)INFO: Current debug levels:  all: 10  
tdb: 10  printdrivers: 10  lanman: 10  smb: 10  rpc_parse: 10  rpc_srv: 10  
rpc_cli: 10  passdb: 10  sam: 10  auth: 10  winbind: 10  vfs: 10  idmap: 10  
quota: 10  acls: 10  locking: 10  msdfs: 10  dmapi: 10  registry: 10  
scavenger: 10  dns: 10  ldb: 10doing parameter registry shares = 
yesregistry_init_smbconf calledregdb_init: registry db openend. refcount reset 
(1)reghook_cache_init: new tree with default ops 0x7f2130163000 for key 
[]regdb_fetch_values: Looking for values of key 
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports]regdb_unpack_values: 
value[0]: name[Samba Printer Port] len[2]regdb_fetch_values: Looking for values 
of key [HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Print\Printers]regdb_unpack_values: value[0]: 
name[DefaultSpoolDirectory] len[70]regdb_fetch_values: Looking for values of 
key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog]regdb_unpack_values: 
value[0]: name[DisplayName] len[20]regdb_unpack_values: value[1]: 
name[ErrorControl] len[4]regdb_fetch_values: Looking for values of key 
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog]regdb_unpack_values: value[0]: 
name[DisplayName] len[20]regdb_unpack_values: value[1]: name[ErrorControl] 
len[4]reghook_cache_add: Adding ops 0x7f2132ee2520 for key 
[\HKLM\SOFTWARE\Samba\smbconf]pathtree_add: Enterpathtree_add: Successfully 
added node [HKLM\SOFTWARE\Samba\smbconf] to treepathtree_add: Exitregdb_close: 
decrementing refcount (1->0)regdb_open: registry db opened. refcount reset 
(1)regkey_open_onelevel: name = [HKLM]regdb_open: incrementing refcount 
(1->2)reghook_cache_find: Searching for keyname [\HKLM]pathtree_find: Enter 
[\HKLM]pathtree_find: Exitreghook_cache_find: found ops 0x7f2130163000 for key 
[\HKLM]regkey_open_onelevel: name = [SOFTWARE]regdb_open: incrementing refcount 
(2->3)reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE]pathtree_find: 
Enter [\HKLM\SOFTWARE]pathtree_find: Exitreghook_cache_find: found ops 
0x7f2130163000 for key [\HKLM\SOFTWARE]regkey_open_onelevel: name = 
[Samba]regdb_open: incrementing refcount (3->4)reghook_cache_find: Searching 
for keyname [\HKLM\SOFTWARE\Samba]pathtree_find: Enter 
[\HKLM\SOFTWARE\Samba]pathtree_find: Exitreghook_cache_find: found ops 
0x7f2130163000 for key [\HKLM\SOFTWARE\Samba]regkey_open_onelevel: name = 
[smbconf]regdb_open: incrementing refcount (4->5)reghook_cache_find: Searching 
for keyname [\HKLM\SOFTWARE\Samba\smbconf]pathtree_find: Enter 
[\HKLM\SOFTWARE\Samba\smbconf]pathtree_find: Exitreghook_cache_find: found ops 
0x7f2132ee2520 for key [\HKLM\SOFTWARE\Samba\smbconf]regdb_close: decrementing 
refcount (5->4)regdb_close: decrementing refcount (4->3)regdb_close: 
decrementing refcount (3->2)process_registry_service: service name 
globalregkey_open_onelevel: name = [global]regdb_open: incrementing refcount 
(2->3)reghook_cache_find: Searching for keyname 
[\HKLM\SOFTWARE\Samba\smbconf\global]pathtree_find: Enter 
[\HKLM\SOFTWARE\Samba\smbconf\global]pathtree_find: Exitreghook_cache_find: 
found ops 0x7f2132ee2520 for key 
[\HKLM\SOFTWARE\Samba\smbconf\global]regdb_close: decrementing refcount 
(3->2)regkey_open_onelevel: name = [global]regdb_open: incrementing refcount 
(2->3)reghook_cache_find: Searching for keyname 
[\HKLM\SOFTWARE\Samba\smbconf\global]pathtree_find: Enter 
[\HKLM\SOFTWARE\Samba\smbconf\global]pathtree_find: Exitreghook_cache_find: 
found ops 0x7f2132ee2520 for key 
[\HKLM\SOFTWARE\Samba\smbconf\global]fetch_reg_values called for key 
'HKLM\SOFTWARE\Samba\smbconf\global' (ops 0x7f2132ee2520)regdb_fetch_values: 
Looking for values of key 
[HKLM\SOFTWARE\Samba\smbconf\global]regdb_unpack_values: value[0]: 
name[workgroup] len[8]regdb_unpack_values: value[1]: name[netbios name] 
len[12]regdb_unpack_values: value[2]: name[realm] len[8]regdb_unpack_values: 
value[3]: name[kerberos method] len[34]regdb_unpack_values: value[4]: 
name[dedicated keytab file] len[58]regdb_unpack_values: value[5]: name[create 
krb5 conf] len[6]regdb_unpack_values: value[6]: name[security] 
len[10]regdb_unpack_values: value[7]: name[domain master] 
len[8]regdb_unpack_values: value[8]: name[domain logons] 
len[8]regdb_unpack_values: value[9]: name[max log size] 
len[14]regdb_unpack_values: value[10]: name[log file] 
len[44]regdb_unpack_values: value[11]: name[passdb backend] 
len[94]regdb_unpack_values: value[12]: name[disable spoolss] 
len[8]regdb_unpack_values: value[13]: name[ldapsam:trusted] 
len[8]regdb_unpack_values: value[14]: name[ldap ssl] len[8]regdb_unpack_values: 
value[15]: name[ldap suffix] len[14]regdb_unpack_values: value[16]: name[ldap 
user suffix] len[42]regdb_unpack_values: value[17]: name[ldap group suffix] 
len[44]regdb_unpack_values: value[18]: name[ldap machine suffix] 
len[50]regdb_unpack_values: value[19]: name[rpc_server:epmapper] 
len[18]regdb_unpack_values: value[20]: name[rpc_server:lsarpc] 
len[18]regdb_unpack_values: value[21]: name[rpc_server:lsass] 
len[18]regdb_unpack_values: value[22]: name[rpc_server:lsasd] 
len[18]regdb_unpack_values: value[23]: name[rpc_server:samr] 
len[18]regdb_unpack_values: value[24]: name[rpc_server:netlogon] 
len[18]regdb_unpack_values: value[25]: name[rpc_server:tcpip] 
len[8]regdb_unpack_values: value[26]: name[rpc_daemon:epmd] 
len[10]regdb_unpack_values: value[27]: name[rpc_daemon:lsasd] 
len[10]regdb_unpack_values: value[28]: name[log level] len[8]regdb_close: 
decrementing refcount (3->2)Processing section "[global]"doing parameter 
workgroup = IPADOMAINdoing parameter netbios name = IPAX1doing parameter realm 
= IPADOMAINdoing parameter kerberos method = dedicated keytabdoing parameter 
dedicated keytab file = FILE:/etc/samba/samba.keytabdoing parameter create krb5 
conf = nodoing parameter security = userdoing parameter domain master = 
yesdoing parameter domain logons = yesdoing parameter max log size = 
100000doing parameter log file = /var/log/samba/log.%mdoing parameter passdb 
backend = ipasam:ldapi://%2fvar%2frun%2fslapd-IPADOMAIN.socketdoing parameter 
disable spoolss = yesdoing parameter ldapsam:trusted = yesdoing parameter ldap 
ssl = offdoing parameter ldap suffix = dc=ipadomaindoing parameter ldap user 
suffix = cn=users,cn=accountsdoing parameter ldap group suffix = 
cn=groups,cn=accountsdoing parameter ldap machine suffix = 
cn=computers,cn=accountsdoing parameter rpc_server:epmapper = externaldoing 
parameter rpc_server:lsarpc = externaldoing parameter rpc_server:lsass = 
externaldoing parameter rpc_server:lsasd = externaldoing parameter 
rpc_server:samr = externaldoing parameter rpc_server:netlogon = externaldoing 
parameter rpc_server:tcpip = yesdoing parameter rpc_daemon:epmd = forkdoing 
parameter rpc_daemon:lsasd = forkdoing parameter log level = 
100lp_servicenumber: couldn't find homesNetbios name 
list:-my_netbios_names[0]="IPAX1"added interface eno1 ip=<ipa srv ip> 
bcast=<ipa srv broadcast> netmask=255.255.255.0Registering messaging pointer 
for type 2 - private_data=(nil)Registering messaging pointer for type 9 - 
private_data=(nil)Registered MSG_REQ_POOL_USAGERegistering messaging pointer 
for type 11 - private_data=(nil)Registering messaging pointer for type 12 - 
private_data=(nil)Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGEDRegistering 
messaging pointer for type 1 - private_data=(nil)Registering messaging pointer 
for type 5 - private_data=(nil)Opening cache file at 
/var/lib/samba/gencache.tdbOpening cache file at 
/var/lib/samba/gencache_notrans.tdbsitename_fetch: No stored sitename for 
IPADOMAINinternal_resolve_name: looking up dc.addomain.com#20 (sitename 
(null))name dc.addomain.com#20 found.remove_duplicate_addrs2: looking for 
duplicate address/port pairsads_try_connect: sending CLDAP request to 
172.19.1.10 (realm: (null))ads_cldap_netlogon: did not get a 
replyads_try_connect: CLDAP request 172.19.1.10 failed.sitename_fetch: No 
stored sitename for IPADOMAINads_find_dc: (cldap) looking for domain 
'IPADOMAIN'get_sorted_dc_list: attempting lookup for name IPADOMAIN (sitename 
NULL)saf_fetch: failed to find server for "IPADOMAIN" domainget_dc_list: 
preferred server list: ", *"internal_resolve_name: looking up IPADOMAIN#1c 
(sitename (null))no entry for IPADOMAIN#1C found.resolve_lmhosts: Attempting 
lmhosts lookup for name IPADOMAIN<0x1c>resolve_lmhosts: Attempting lmhosts 
lookup for name IPADOMAIN<0x1c>getlmhostsent: lmhost entry: 127.0.0.1 
localhostresolve_wins: WINS server resolution selected and no WINS servers 
listed.resolve_hosts: not appropriate for name type <0x1c>name_resolve_bcast: 
Attempting broadcast lookup for name IPADOMAIN<0x1c>tstream_unix_connect 
failed: No such file or directorynmbd not aroundAdding 0 DC's from auto 
lookupget_dc_list: no servers foundads_connect: No logon serverssitename_fetch: 
No stored sitename for IPADOMAINinternal_resolve_name: looking up 
dc.addomain.com#20 (sitename (null))name dc.addomain.com#20 
found.remove_duplicate_addrs2: looking for duplicate address/port 
pairsads_try_connect: sending CLDAP request to 172.19.1.10 (realm: 
(null))ads_cldap_netlogon: did not get a replyads_try_connect: CLDAP request 
172.19.1.10 failed.sitename_fetch: No stored sitename for IPADOMAINads_find_dc: 
(cldap) looking for domain 'IPADOMAIN'get_sorted_dc_list: attempting lookup for 
name IPADOMAIN (sitename NULL)saf_fetch: failed to find server for "IPADOMAIN" 
domainget_dc_list: preferred server list: ", *"internal_resolve_name: looking 
up IPADOMAIN#1c (sitename (null))no entry for IPADOMAIN#1C 
found.resolve_lmhosts: Attempting lmhosts lookup for name 
IPADOMAIN<0x1c>resolve_lmhosts: Attempting lmhosts lookup for name 
IPADOMAIN<0x1c>getlmhostsent: lmhost entry: 127.0.0.1 localhostresolve_wins: 
WINS server resolution selected and no WINS servers listed.resolve_hosts: not 
appropriate for name type <0x1c>name_resolve_bcast: Attempting broadcast lookup 
for name IPADOMAIN<0x1c>tstream_unix_connect failed: No such file or 
directorynmbd not aroundAdding 0 DC's from auto lookupget_dc_list: no servers 
foundads_connect: No logon serversDidn't find the cldap server!return code = -1

      From: Alexander Bokovoy <aboko...@redhat.com>
 To: pgb205 <pgb...@yahoo.com> 
Cc: "freeipa-users@redhat.com" <freeipa-users@redhat.com>
 Sent: Friday, June 10, 2016 1:58 AM
 Subject: Re: [Freeipa-users] Can't establish trust with 2008 AD
   
On Fri, 10 Jun 2016, pgb205 wrote:
>The trust setup still results in
>Shared secret for the trust:: ERROR: CIFS server communication error: code 
>"None",                  message "NT_STATUS_IO_TIMEOUT" (both may be "None")
>If you want I can provide with logs.
Can you show output of

net ads lookup -d 10 -S dc.addomain.com

-- 
/ Alexander Bokovoy


  
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to