Alexander, here you go.
One thing that came to mind that might be a problem. My Active Directory is
adserver.addomain.com while IPA is ipax1.ipadomain; there is no suffix. Not sure
if that would matter.
Anyway here is the log as requested.
Thank you.
net ads lookup -d 10 -S dc.addomain.com
INFO: Current debug levels:
  all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10
  rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10
  idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10
  registry: 10 scavenger: 10 dns: 10 ldb: 10
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels:
  all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10
  rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10
  idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10
  registry: 10 scavenger: 10 dns: 10 ldb: 10
Processing section "[global]"
doing parameter debug pid = yes
doing parameter config backend = registry
pm_process() returned Yes
lp_load_ex: changing to config backend registry
Freeing parametrics:
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels:
  all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10
  rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10
  idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10
  registry: 10 scavenger: 10 dns: 10 ldb: 10
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels:
  all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10
  rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10
  idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10
  registry: 10 scavenger: 10 dns: 10 ldb: 10
doing parameter registry shares = yes
registry_init_smbconf called
regdb_init: registry db openend. refcount reset (1)
reghook_cache_init: new tree with default ops 0x7f2130163000 for key []
regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports]
regdb_unpack_values: value[0]: name[Samba Printer Port] len[2]
regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers]
regdb_unpack_values: value[0]: name[DefaultSpoolDirectory] len[70]
regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog]
regdb_unpack_values: value[0]: name[DisplayName] len[20]
regdb_unpack_values: value[1]: name[ErrorControl] len[4]
regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog]
regdb_unpack_values: value[0]: name[DisplayName] len[20]
regdb_unpack_values: value[1]: name[ErrorControl] len[4]
reghook_cache_add: Adding ops 0x7f2132ee2520 for key [\HKLM\SOFTWARE\Samba\smbconf]
pathtree_add: Enter
pathtree_add: Successfully added node [HKLM\SOFTWARE\Samba\smbconf] to tree
pathtree_add: Exit
regdb_close: decrementing refcount (1->0)
regdb_open: registry db opened. refcount reset (1)
regkey_open_onelevel: name = [HKLM]
regdb_open: incrementing refcount (1->2)
reghook_cache_find: Searching for keyname [\HKLM]
pathtree_find: Enter [\HKLM]
pathtree_find: Exit
reghook_cache_find: found ops 0x7f2130163000 for key [\HKLM]
regkey_open_onelevel: name = [SOFTWARE]
regdb_open: incrementing refcount (2->3)
reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE]
pathtree_find: Enter [\HKLM\SOFTWARE]
pathtree_find: Exit
reghook_cache_find: found ops 0x7f2130163000 for key [\HKLM\SOFTWARE]
regkey_open_onelevel: name = [Samba]
regdb_open: incrementing refcount (3->4)
reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Samba]
pathtree_find: Enter [\HKLM\SOFTWARE\Samba]
pathtree_find: Exit
reghook_cache_find: found ops 0x7f2130163000 for key [\HKLM\SOFTWARE\Samba]
regkey_open_onelevel: name = [smbconf]
regdb_open: incrementing refcount (4->5)
reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Samba\smbconf]
pathtree_find: Enter [\HKLM\SOFTWARE\Samba\smbconf]
pathtree_find: Exit
reghook_cache_find: found ops 0x7f2132ee2520 for key [\HKLM\SOFTWARE\Samba\smbconf]
regdb_close: decrementing refcount (5->4)
regdb_close: decrementing refcount (4->3)
regdb_close: decrementing refcount (3->2)
process_registry_service: service name global
regkey_open_onelevel: name = [global]
regdb_open: incrementing refcount (2->3)
reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Samba\smbconf\global]
pathtree_find: Enter [\HKLM\SOFTWARE\Samba\smbconf\global]
pathtree_find: Exit
reghook_cache_find: found ops 0x7f2132ee2520 for key [\HKLM\SOFTWARE\Samba\smbconf\global]
regdb_close: decrementing refcount (3->2)
regkey_open_onelevel: name = [global]
regdb_open: incrementing refcount (2->3)
reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Samba\smbconf\global]
pathtree_find: Enter [\HKLM\SOFTWARE\Samba\smbconf\global]
pathtree_find: Exit
reghook_cache_find: found ops 0x7f2132ee2520 for key [\HKLM\SOFTWARE\Samba\smbconf\global]
fetch_reg_values called for key 'HKLM\SOFTWARE\Samba\smbconf\global' (ops 0x7f2132ee2520)
regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Samba\smbconf\global]
regdb_unpack_values: value[0]: name[workgroup] len[8]
regdb_unpack_values: value[1]: name[netbios name] len[12]
regdb_unpack_values: value[2]: name[realm] len[8]
regdb_unpack_values: value[3]: name[kerberos method] len[34]
regdb_unpack_values: value[4]: name[dedicated keytab file] len[58]
regdb_unpack_values: value[5]: name[create krb5 conf] len[6]
regdb_unpack_values: value[6]: name[security] len[10]
regdb_unpack_values: value[7]: name[domain master] len[8]
regdb_unpack_values: value[8]: name[domain logons] len[8]
regdb_unpack_values: value[9]: name[max log size] len[14]
regdb_unpack_values: value[10]: name[log file] len[44]
regdb_unpack_values: value[11]: name[passdb backend] len[94]
regdb_unpack_values: value[12]: name[disable spoolss] len[8]
regdb_unpack_values: value[13]: name[ldapsam:trusted] len[8]
regdb_unpack_values: value[14]: name[ldap ssl] len[8]
regdb_unpack_values: value[15]: name[ldap suffix] len[14]
regdb_unpack_values: value[16]: name[ldap user suffix] len[42]
regdb_unpack_values: value[17]: name[ldap group suffix] len[44]
regdb_unpack_values: value[18]: name[ldap machine suffix] len[50]
regdb_unpack_values: value[19]: name[rpc_server:epmapper] len[18]
regdb_unpack_values: value[20]: name[rpc_server:lsarpc] len[18]
regdb_unpack_values: value[21]: name[rpc_server:lsass] len[18]
regdb_unpack_values: value[22]: name[rpc_server:lsasd] len[18]
regdb_unpack_values: value[23]: name[rpc_server:samr] len[18]
regdb_unpack_values: value[24]: name[rpc_server:netlogon] len[18]
regdb_unpack_values: value[25]: name[rpc_server:tcpip] len[8]
regdb_unpack_values: value[26]: name[rpc_daemon:epmd] len[10]
regdb_unpack_values: value[27]: name[rpc_daemon:lsasd] len[10]
regdb_unpack_values: value[28]: name[log level] len[8]
regdb_close: decrementing refcount (3->2)
Processing section "[global]"
doing parameter workgroup = IPADOMAIN
doing parameter netbios name = IPAX1
doing parameter realm = IPADOMAIN
doing parameter kerberos method = dedicated keytab
doing parameter dedicated keytab file = FILE:/etc/samba/samba.keytab
doing parameter create krb5 conf = no
doing parameter security = user
doing parameter domain master = yes
doing parameter domain logons = yes
doing parameter max log size = 100000
doing parameter log file = /var/log/samba/log.%m
doing parameter passdb backend = ipasam:ldapi://%2fvar%2frun%2fslapd-IPADOMAIN.socket
doing parameter disable spoolss = yes
doing parameter ldapsam:trusted = yes
doing parameter ldap ssl = off
doing parameter ldap suffix = dc=ipadomain
doing parameter ldap user suffix = cn=users,cn=accounts
doing parameter ldap group suffix = cn=groups,cn=accounts
doing parameter ldap machine suffix = cn=computers,cn=accounts
doing parameter rpc_server:epmapper = external
doing parameter rpc_server:lsarpc = external
doing parameter rpc_server:lsass = external
doing parameter rpc_server:lsasd = external
doing parameter rpc_server:samr = external
doing parameter rpc_server:netlogon = external
doing parameter rpc_server:tcpip = yes
doing parameter rpc_daemon:epmd = fork
doing parameter rpc_daemon:lsasd = fork
doing parameter log level = 100
lp_servicenumber: couldn't find homes
Netbios name list:-
my_netbios_names[0]="IPAX1"
added interface eno1 ip=<ipa srv ip> bcast=<ipa srv broadcast> netmask=255.255.255.0
Registering messaging pointer for type 2 - private_data=(nil)
Registering messaging pointer for type 9 - private_data=(nil)
Registered MSG_REQ_POOL_USAGE
Registering messaging pointer for type 11 - private_data=(nil)
Registering messaging pointer for type 12 - private_data=(nil)
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Registering messaging pointer for type 1 - private_data=(nil)
Registering messaging pointer for type 5 - private_data=(nil)
Opening cache file at /var/lib/samba/gencache.tdb
Opening cache file at /var/lib/samba/gencache_notrans.tdb
sitename_fetch: No stored sitename for IPADOMAIN
internal_resolve_name: looking up dc.addomain.com#20 (sitename (null))
name dc.addomain.com#20 found.
remove_duplicate_addrs2: looking for duplicate address/port pairs
ads_try_connect: sending CLDAP request to 172.19.1.10 (realm: (null))
ads_cldap_netlogon: did not get a reply
ads_try_connect: CLDAP request 172.19.1.10 failed.
sitename_fetch: No stored sitename for IPADOMAIN
ads_find_dc: (cldap) looking for domain 'IPADOMAIN'
get_sorted_dc_list: attempting lookup for name IPADOMAIN (sitename NULL)
saf_fetch: failed to find server for "IPADOMAIN" domain
get_dc_list: preferred server list: ", *"
internal_resolve_name: looking up IPADOMAIN#1c (sitename (null))
no entry for IPADOMAIN#1C found.
resolve_lmhosts: Attempting lmhosts lookup for name IPADOMAIN<0x1c>
resolve_lmhosts: Attempting lmhosts lookup for name IPADOMAIN<0x1c>
getlmhostsent: lmhost entry: 127.0.0.1 localhost
resolve_wins: WINS server resolution selected and no WINS servers listed.
resolve_hosts: not appropriate for name type <0x1c>
name_resolve_bcast: Attempting broadcast lookup for name IPADOMAIN<0x1c>
tstream_unix_connect failed: No such file or directory
nmbd not around
Adding 0 DC's from auto lookup
get_dc_list: no servers found
ads_connect: No logon servers
sitename_fetch: No stored sitename for IPADOMAIN
internal_resolve_name: looking up dc.addomain.com#20 (sitename (null))
name dc.addomain.com#20 found.
remove_duplicate_addrs2: looking for duplicate address/port pairs
ads_try_connect: sending CLDAP request to 172.19.1.10 (realm: (null))
ads_cldap_netlogon: did not get a reply
ads_try_connect: CLDAP request 172.19.1.10 failed.
sitename_fetch: No stored sitename for IPADOMAIN
ads_find_dc: (cldap) looking for domain 'IPADOMAIN'
get_sorted_dc_list: attempting lookup for name IPADOMAIN (sitename NULL)
saf_fetch: failed to find server for "IPADOMAIN" domain
get_dc_list: preferred server list: ", *"
internal_resolve_name: looking up IPADOMAIN#1c (sitename (null))
no entry for IPADOMAIN#1C found.
resolve_lmhosts: Attempting lmhosts lookup for name IPADOMAIN<0x1c>
resolve_lmhosts: Attempting lmhosts lookup for name IPADOMAIN<0x1c>
getlmhostsent: lmhost entry: 127.0.0.1 localhost
resolve_wins: WINS server resolution selected and no WINS servers listed.
resolve_hosts: not appropriate for name type <0x1c>
name_resolve_bcast: Attempting broadcast lookup for name IPADOMAIN<0x1c>
tstream_unix_connect failed: No such file or directory
nmbd not around
Adding 0 DC's from auto lookup
get_dc_list: no servers found
ads_connect: No logon servers
Didn't find the cldap server!
return code = -1
From: Alexander Bokovoy <[email protected]>
To: pgb205 <[email protected]>
Cc: "[email protected]" <[email protected]>
Sent: Friday, June 10, 2016 1:58 AM
Subject: Re: [Freeipa-users] Can't establish trust with 2008 AD
On Fri, 10 Jun 2016, pgb205 wrote:
>The trust setup still results in
>Shared secret for the trust:: ERROR: CIFS server communication error: code
>"None", message "NT_STATUS_IO_TIMEOUT" (both may be "None")
>If you want, I can provide you with logs.
Can you show output of
net ads lookup -d 10 -S dc.addomain.com
--
/ Alexander Bokovoy