Hey all, I’m having a problem with integrating a FreeIPA4 infrastructure to an AD environment.
AD Domain is fioptics.int
FreeIPA infrastructure is preprod.fioptics.int
The AD Controller in this environment is at 10.32.145.134
The FreeIPA 4 server is at 10.32.146.40

I’m attaching the procedure that I’m using below for review. Everything works perfectly, even the DNS testing, up until I run the command to initiate the trust. Then it ALWAYS comes back with "unable to find server". The DNS tests I’ve done from AD and from IPA are also listed below. This procedure works flawlessly in the virtual test environment every time. There are NO firewalls between the IPA box and the AD box. Software firewalls on both boxes are down. SELinux is disabled. The only differences are:

1. They are on different subnets, but I don’t see how that should matter, and
2. There is a load balancer between them, but again DNS resolves and an nmap shows all the necessary ports are available.

If anyone has any advice it would be greatly appreciated. I have to get this working asap for the deployment of the project. Thanks in advance.
————————— DNS Results —————————

———— Active Directory ————

Server: ppad01.fioptics.int
Address: 10.32.145.134

_ldap._tcp.fioptics.int SRV service location:
    priority = 0
    weight = 100
    port = 389
    svr hostname = mtad01.fioptics.int
_ldap._tcp.fioptics.int SRV service location:
    priority = 0
    weight = 100
    port = 389
    svr hostname = ppad01.fioptics.int
_ldap._tcp.fioptics.int SRV service location:
    priority = 0
    weight = 100
    port = 389
    svr hostname = p1ad01.fioptics.int
_ldap._tcp.fioptics.int SRV service location:
    priority = 0
    weight = 100
    port = 389
    svr hostname = mtad02.fioptics.int
_ldap._tcp.fioptics.int SRV service location:
    priority = 0
    weight = 100
    port = 389
    svr hostname = stad01.fioptics.int
mtad01.fioptics.int internet address = 10.32.162.182
ppad01.fioptics.int internet address = 10.32.145.134
p1ad01.fioptics.int internet address = 10.32.129.134
mtad02.fioptics.int internet address = 10.32.130.182
stad01.fioptics.int internet address = 10.32.161.134
> _ldap._tcp.preprod.fioptics.int
Server: ppad01.fioptics.int
Address: 10.32.145.134

Non-authoritative answer:
_ldap._tcp.preprod.fioptics.int SRV service location:
    priority = 0
    weight = 100
    port = 389
    svr hostname = ppip01.preprod.fioptics.int
_ldap._tcp.preprod.fioptics.int SRV service location:
    priority = 0
    weight = 100
    port = 389
    svr hostname = ppip02.preprod.fioptics.int
ppip01.preprod.fioptics.int internet address = 10.32.146.40
ppip01.preprod.fioptics.int internet address = 10.32.146.40
>

———— FreeIPA ————

[root@ppip01 ~]# dig srv _ldap._tcp.fioptics.int

; <<>> DiG 9.9.4-RedHat-9.9.4-20.el7.centos.pkcs11 <<>> srv _ldap._tcp.fioptics.int
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26858
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 13, ADDITIONAL: 6

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;_ldap._tcp.fioptics.int. IN SRV

;; ANSWER SECTION:
_ldap._tcp.fioptics.int. 600 IN SRV 0 100 389 p1ad01.fioptics.int.
_ldap._tcp.fioptics.int. 600 IN SRV 0 100 389 stad01.fioptics.int.
_ldap._tcp.fioptics.int. 600 IN SRV 0 100 389 ppad01.fioptics.int.
_ldap._tcp.fioptics.int. 600 IN SRV 0 100 389 mtad02.fioptics.int.
_ldap._tcp.fioptics.int. 600 IN SRV 0 100 389 mtad01.fioptics.int.

;; AUTHORITY SECTION:
. 11558 IN NS g.root-servers.net.
. 11558 IN NS e.root-servers.net.
. 11558 IN NS i.root-servers.net.
. 11558 IN NS f.root-servers.net.
. 11558 IN NS a.root-servers.net.
. 11558 IN NS c.root-servers.net.
. 11558 IN NS j.root-servers.net.
. 11558 IN NS k.root-servers.net.
. 11558 IN NS h.root-servers.net.
. 11558 IN NS l.root-servers.net.
. 11558 IN NS d.root-servers.net.
. 11558 IN NS b.root-servers.net.
. 11558 IN NS m.root-servers.net.

;; ADDITIONAL SECTION:
ppad01.fioptics.int. 3057 IN A 10.32.145.134
p1ad01.fioptics.int. 3600 IN A 10.32.129.134
mtad02.fioptics.int. 3600 IN A 10.32.130.182
stad01.fioptics.int. 3600 IN A 10.32.161.134
mtad01.fioptics.int. 3600 IN A 10.32.162.182

;; Query time: 1 msec
;; SERVER: 10.32.146.40#53(10.32.146.40)
;; WHEN: Tue Apr 07 09:56:29 EDT 2015
;; MSG SIZE rcvd: 538

[root@ppip01 ~]# dig srv _ldap._tcp.preprod.fioptics.int

; <<>> DiG 9.9.4-RedHat-9.9.4-20.el7.centos.pkcs11 <<>> srv _ldap._tcp.preprod.fioptics.int
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28466
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;_ldap._tcp.preprod.fioptics.int. IN SRV

;; ANSWER SECTION:
_ldap._tcp.preprod.fioptics.int. 86400 IN SRV 0 100 389 ppip02.preprod.fioptics.int.
_ldap._tcp.preprod.fioptics.int. 86400 IN SRV 0 100 389 ppip01.preprod.fioptics.int.

;; AUTHORITY SECTION:
preprod.fioptics.int. 86400 IN NS ppip02.preprod.fioptics.int.
preprod.fioptics.int. 86400 IN NS ppip01.preprod.fioptics.int.

;; ADDITIONAL SECTION:
ppip01.preprod.fioptics.int. 1200 IN A 10.32.146.40
ppip02.preprod.fioptics.int. 1200 IN A 10.32.146.41

;; Query time: 0 msec
;; SERVER: 10.32.146.40#53(10.32.146.40)
;; WHEN: Tue Apr 07 09:56:44 EDT 2015
;; MSG SIZE rcvd: 214

[root@ppip01 ~]#

———————————————————— Error Message ————————————————————

[root@ppip01 ~]# ipa trust-add --type=ad fioptics.int --server=ppad01.fioptics.int --admin serviceipa --password
Active Directory domain administrator's password:
ipa: ERROR: Cannot find specified domain or server name
[root@ppip01 ~]#

* Note - I have tried this with the Administrator account and that didn’t work either.

Regards,
------------------------------------------
Aric Wilisch
awili...@gmail.com
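The DNS checks in the post are done by eye. The script below is an added example (not part of the thread and not FreeIPA code) that parses the text form of a `dig SRV` reply and reports three things a trust setup depends on: whether the reply carries the `aa` (authoritative) flag, whether every SRV target comes with an address record in the same reply, and whether each SRV record uses the expected port. The two sample replies are constructed from the dig listings above, trimmed to the sections the parser reads; the expected port of 389 for `_ldap._tcp` is an assumption taken from those listings.

```python
"""Check a `dig SRV` reply: authoritative flag, address record for every SRV
target, and expected port. Added example for the thread above; the sample
replies are constructed from the post's dig output, not captured live."""
from collections import namedtuple

SRV = namedtuple("SRV", "name ttl priority weight port target")

# Constructed from the post's `dig srv _ldap._tcp.fioptics.int` (the AD zone,
# as answered by the IPA resolver; note there is no `aa` flag).
DIG_AD = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26858
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 13, ADDITIONAL: 6
;; QUESTION SECTION:
;_ldap._tcp.fioptics.int. IN SRV
;; ANSWER SECTION:
_ldap._tcp.fioptics.int. 600 IN SRV 0 100 389 p1ad01.fioptics.int.
_ldap._tcp.fioptics.int. 600 IN SRV 0 100 389 stad01.fioptics.int.
_ldap._tcp.fioptics.int. 600 IN SRV 0 100 389 ppad01.fioptics.int.
_ldap._tcp.fioptics.int. 600 IN SRV 0 100 389 mtad02.fioptics.int.
_ldap._tcp.fioptics.int. 600 IN SRV 0 100 389 mtad01.fioptics.int.
;; AUTHORITY SECTION:
. 11558 IN NS a.root-servers.net.
;; ADDITIONAL SECTION:
ppad01.fioptics.int. 3057 IN A 10.32.145.134
p1ad01.fioptics.int. 3600 IN A 10.32.129.134
mtad02.fioptics.int. 3600 IN A 10.32.130.182
stad01.fioptics.int. 3600 IN A 10.32.161.134
mtad01.fioptics.int. 3600 IN A 10.32.162.182
"""

# Constructed from the post's `dig srv _ldap._tcp.preprod.fioptics.int`
# (IPA's own zone; the `aa` flag is set).
DIG_IPA = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28466
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3
;; ANSWER SECTION:
_ldap._tcp.preprod.fioptics.int. 86400 IN SRV 0 100 389 ppip02.preprod.fioptics.int.
_ldap._tcp.preprod.fioptics.int. 86400 IN SRV 0 100 389 ppip01.preprod.fioptics.int.
;; AUTHORITY SECTION:
preprod.fioptics.int. 86400 IN NS ppip02.preprod.fioptics.int.
preprod.fioptics.int. 86400 IN NS ppip01.preprod.fioptics.int.
;; ADDITIONAL SECTION:
ppip01.preprod.fioptics.int. 1200 IN A 10.32.146.40
ppip02.preprod.fioptics.int. 1200 IN A 10.32.146.41
"""


def parse_dig(text):
    """Return (flags, srv_records, addresses) from the text of one dig reply."""
    flags, srv, addrs = set(), [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(";; flags:"):
            # ";; flags: qr aa rd ra; QUERY: 1, ..." -> {"qr", "aa", "rd", "ra"}
            flags = set(line[len(";; flags:"):].split(";", 1)[0].split())
        elif line and not line.startswith(";"):
            parts = line.split()
            # Resource record lines look like: <owner> <ttl> IN <type> <rdata...>
            if len(parts) < 5 or parts[2] != "IN":
                continue
            owner, ttl, rtype, rdata = parts[0], int(parts[1]), parts[3], parts[4:]
            if rtype == "SRV" and len(rdata) == 4:
                prio, weight, port, target = rdata
                srv.append(SRV(owner, ttl, int(prio), int(weight), int(port), target))
            elif rtype in ("A", "AAAA") and len(rdata) == 1:
                addrs.setdefault(owner, []).append(rdata[0])
    return flags, srv, addrs


def check_srv_reply(text, expected_port=389):
    """Summarise one reply: NOERROR status, authoritative flag, SRV targets,
    targets with no address record in the reply, and records off the expected port."""
    flags, srv, addrs = parse_dig(text)
    targets = [r.target for r in srv]
    return {
        "status_ok": "status: NOERROR" in text,
        "authoritative": "aa" in flags,
        "targets": targets,
        "missing_glue": [t for t in targets if t not in addrs],
        "bad_port": [r.target for r in srv if r.port != expected_port],
    }


if __name__ == "__main__":
    for label, reply in (("AD zone", DIG_AD), ("IPA zone", DIG_IPA)):
        print(label, check_srv_reply(reply))
```

Run against the two constructed replies, the AD zone answer parses as non-authoritative with all five domain controllers carrying an A record, and the IPA zone answer as authoritative with both replicas covered. The `missing_glue` list is the check to watch in a listing like the nslookup output above, where an address line appears for ppip01 but none for ppip02: an SRV target that the resolver cannot turn into an address is exactly the kind of gap a trust-establishment step will report as a server it cannot find.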