On Thu, 13 Apr 2017, Tiemen Ruiten wrote:
Apologies, now with proper subject.
On 13 April 2017 at 16:49, Tiemen Ruiten <t.rui...@rdmedia.com> wrote:
As I understand from this
it should be possible to set up a trust between FreeIPA and Samba4. My AD
domain is clients.i.rdmedia.com, it's a subdomain of my FreeIPA domain,
i.rdmedia.com. Therefore I added a global forwarder on the Samba AD DC to
one of the FreeIPA replicas and lookup of SRV records in both domains
appears to work.
However, when I try to add the trust I get "ipa: ERROR an internal error
has occurred". I ran the trust-add command with full debug logging as
described on
https://www.freeipa.org/page/Active_Directory_trust_setup#Debugging_trust,
so I can provide these logs privately upon request.
I suspect some DNS issue, as right after I try to set up the trust, dynamic
updates stop working on the AD Domain Controller with this error:
tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Server DNS/fluorine.clients.i.rdmedia....@i.rdmedia.com not found in Kerberos database.
Failed nsupdate: 1
update(nsupdate): SRV _ldap._tcp.Default-First-Site-Name._
Calling nsupdate for SRV _ldap._tcp.Default-First-Site-Name._
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
clients.i.rdmedia.com. 900 IN SRV 0 100 389 fluorine.clients.i.rdmedia.com
Many thanks in advance for your assistance.
It would help if you would provide more details on your setup. The above
doesn't give a clue on:
- what are FreeIPA and Samba AD DC versions
- on what OS versions they run, correspondingly
- what DNS zones each of them control
- what commands did you run
/ Alexander Bokovoy