On Sat, 11 Apr 2015, g.fer.or...@unicyber.co.uk wrote:
Guys
Anyway of simply skipping the CIFS mount credentials bit?
I do not actually need the AD CIFS at this point.
What do you mean by that?
Establishing trust uses SMB protocols family, it is not using 'CIFS
mount' but file system operations are part of SMB protocols family,
along with authentication, authorization, domain and trust management.
Your 'Admin' user on AD side should be member of either Enteprise
Admins, Domain Admins of the forest root domain, or Schema Admins
groups. See
https://technet.microsoft.com/en-us/library/cc755700%28v=ws.10%29.aspx
for details.
ipa trust-add --type=ad ad.domain.com --admin Admin --password
Active Directory domain administrator's password:
ipa: ERROR: Insufficient access: CIFS server <ad.domain.com> denied
your credentials
---
ot NTLMSSP neg_flags=0x60088205
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
s4_tevent: Added timed event "dcerpc_timeout_handler": 0x7f31e9911d50
s4_tevent: Destroying timer event 0x7f31e9911d50
"dcerpc_timeout_handler"
dcerpc: alter_resp - rpc fault: WERR_ACCESS_DENIED
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7f31e99093a0
s4_tevent: Run immediate event "tevent_req_trigger": 0x7f31e99093a0
Failed to bind to uuid 12345778-1234-abcd-ef00-0123456789ab for
12345778-1234-abcd-ef00-012345678...@ad.ad.domain.com[49155]
NT_STATUS_LOGON_FAILURE
s4_tevent: Destroying timer event 0x7f31e80539d0
"dcerpc_connect_timeout_handler"
[Sat Apr 11 06:00:17.408265 2015] [:error] [pid 25074] ipa: INFO:
[jsonserver_session] ad...@linux.domain.com: trust_add(u'domain.com',
trust_type=u'ad', realm_admin=Admin', realm_passwd=u'********',
all=False, raw=False, version=u'2.114'): ACIError
----
This is freeipa-server-4.1.4-1.el7.centos.x86_64
Thanks!!
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
--
/ Alexander Bokovoy
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project