Re: [Freeipa-users] AD --> IPA trust --::-- ipa: ERROR: Insufficient access: CIFS server denied your credentials

Fri, 10 Apr 2015 23:43:13 -0700 

On Sat, 11 Apr 2015, g.fer.or...@unicyber.co.uk wrote:

Guys

Anyway of simply skipping the CIFS mount credentials bit?
I do not actually need the AD CIFS at this point.

What do you mean by that?

Establishing trust uses SMB protocols family, it is not using 'CIFS
mount' but file system operations are part of SMB protocols family,
along with authentication, authorization, domain and trust management.

Your 'Admin' user on AD side should be member of either Enteprise
Admins, Domain Admins of the forest root domain, or Schema Admins
groups. See
https://technet.microsoft.com/en-us/library/cc755700%28v=ws.10%29.aspx
for details.



ipa trust-add --type=ad ad.domain.com --admin Admin  --password
Active Directory domain administrator's password:
ipa: ERROR: Insufficient access: CIFS server <ad.domain.com> denied your credentials 

---
ot NTLMSSP neg_flags=0x60088205
 NTLMSSP_NEGOTIATE_UNICODE
 NTLMSSP_REQUEST_TARGET
 NTLMSSP_NEGOTIATE_NTLM
 NTLMSSP_NEGOTIATE_ALWAYS_SIGN
 NTLMSSP_NEGOTIATE_NTLM2
 NTLMSSP_NEGOTIATE_128
 NTLMSSP_NEGOTIATE_KEY_EXCH
s4_tevent: Added timed event "dcerpc_timeout_handler": 0x7f31e9911d50
s4_tevent: Destroying timer event 0x7f31e9911d50 "dcerpc_timeout_handler" 
dcerpc: alter_resp - rpc fault: WERR_ACCESS_DENIED
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7f31e99093a0
s4_tevent: Run immediate event "tevent_req_trigger": 0x7f31e99093a0
Failed to bind to uuid 12345778-1234-abcd-ef00-0123456789ab for 12345778-1234-abcd-ef00-012345678...@ad.ad.domain.com[49155] NT_STATUS_LOGON_FAILURE s4_tevent: Destroying timer event 0x7f31e80539d0 "dcerpc_connect_timeout_handler" [Sat Apr 11 06:00:17.408265 2015] [:error] [pid 25074] ipa: INFO: [jsonserver_session] ad...@linux.domain.com: trust_add(u'domain.com', trust_type=u'ad', realm_admin=Admin', realm_passwd=u'********', all=False, raw=False, version=u'2.114'): ACIError 

----

This is freeipa-server-4.1.4-1.el7.centos.x86_64

Thanks!!

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project


--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to