Re: [Freeipa-users] Help: Rebooted IPA server and AD Trust shows offline

2014-06-30 Thread Sumit Bose
On Fri, Jun 27, 2014 at 02:23:47PM -0400, Mark Gardner wrote:
 Was trying to add an external ad group to IPA, it kept failing with unable
 to connect to server.
 
 Figured I'd reboot to clear things up.  Oops.
 
 Now wbinfo --online-status shows are AD as offline.
 wbinfo -u shows blank
 
 wbinfo -n 'DOMAIN\user' gives the following message:
 
 failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND
 could not lookup 'Domain\user'

There might be various reasons for this issue. To debug this winbindd
logs are needed.
Please

- call net conf setparm global 'log level' 10 on the command lien
- stop smbd and winbindd
- remove (or save at a different location) the log files in
  /var/log/samba
- start smbd and winbindd
- run wbinfo -n 'DOMAIN\user' again
- check /var/log/samba/wb-ADDOMAIN for errors

Feel free to send the log to the list or directly to me if you think the
file is too large for a mailing-list or if it might contain sensitive
information.

bye,
Sumit
 
 I saw a similar post in the freeipa-users archive about adding
 client min protocol = CORE
 client max protocol = SMB2_02
 to the samba config; restarted winbind and still getting errors
 
 FreeIPA 3.0
 Windows 2008 R2.

 -- 
 Manage your subscription for the Freeipa-users mailing list:
 https://www.redhat.com/mailman/listinfo/freeipa-users
 Go To http://freeipa.org for more info on the project

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project


Re: [Freeipa-users] Help: Rebooted IPA server and AD Trust shows offline

2014-06-27 Thread Johan Petersson
Hi,

Probably there are better ways to solve this issue but the way that works for 
me is to validate the trust from the AD side after a reboot of the IPA Server - 
it always shows as offline for me too. On 2012 Server you can do this through 
Active Directory Domains and Trusts - properties on your domain and go to trust 
tab - properties again. Next you press validate on the General tab. AD will ask 
for authentication but that can be skipped.
AD Trust will be back online right away and you can check it through wbinfo 
--online-status.

Probably the procedure are similar on Server 2008.

Johan

From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on 
behalf of Mark Gardner [malek...@gmail.com]
Sent: Friday, June 27, 2014 20:23
To: freeipa-users
Subject: [Freeipa-users] Help: Rebooted IPA server and AD Trust shows offline

Was trying to add an external ad group to IPA, it kept failing with unable to 
connect to server.

Figured I'd reboot to clear things up.  Oops.

Now wbinfo --online-status shows are AD as offline.
wbinfo -u shows blank

wbinfo -n 'DOMAIN\user' gives the following message:

failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND
could not lookup 'Domain\user'

I saw a similar post in the freeipa-users archive about adding
client min protocol = CORE
client max protocol = SMB2_02
to the samba config; restarted winbind and still getting errors

FreeIPA 3.0
Windows 2008 R2.

This e-mail is private and confidential between the sender and the addressee.
In the event of misdirection, the recipient is prohibited from using, copying 
or disseminating it or any information in it. Please notify the above if any 
misdirection.
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project