Re: [Freeipa-users] IPA ERROR: non-public: TypeError -- ipa trust-add internal server error
On Fri, Jul 03, 2015 at 03:30:38PM +0100, David Fox wrote: > On 2015-07-02 12:47, Sumit Bose wrote: > >On Wed, Jul 01, 2015 at 02:37:44PM +0100, David Fox wrote: > >>I am encountering issues trying to integrate FreeIPA with AD, on *nix > >>promp > >>I get "internal server rror" and within I receive the following message > >>in > >>httpd_errorlog. > >> > > > >It looks like we as AD if it already has a trust to a domain called > >'ipa.*redacted*' and > > > >>rpc reply data: > >>[] 00 00 02 00 06 00 00 00 03 00 00 00 00 00 00 00 > >> > >> lsa_QueryTrustedDomainInfoByName: struct > >>lsa_QueryTrustedDomainInfoByName > >>in: struct lsa_QueryTrustedDomainInfoByName > >>handle : * > >>handle: struct policy_handle > >>handle_type : 0x (0) > >>uuid : > >>0593f50d-b3c4-4b0a-b3d7-f502da1ea0e6 > >>trusted_domain : * > >>trusted_domain: struct lsa_String > >>length : 0x001a (26) > >>size : 0x001a (26) > >>string : * > >>string : 'ipa.*redacted*' > >>level: LSA_TRUSTED_DOMAIN_INFO_FULL_INFO > >>(8) > >>rpc request data: > >>[] 00 00 00 00 0D F5 93 05 C4 B3 0A 4B B3 D7 F5 02 > >>...K > >>[0010] DA 1E A0 E6 1A 00 1A 00 00 00 02 00 0D 00 00 00 > >> > >>[0020] 00 00 00 00 0D 00 00 00 69 00 70 00 61 00 2E 00 > >>i.p.a... > >>[0030] 68 00 73 00 61 00 2E 00 63 00 6F 00 2E 00 75 00 a... c.o...u. > >>[0040] 6B 00 08 00 k... > >>s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7fdde0230710 > >>s4_tevent: Added timed event "dcerpc_timeout_handler": 0x7fdde00ef550 > >>s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7fdde0230710 > >>s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7fdde0230710 > >>num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, > >>data_total=92, this_data=92, max_data=4280, param_offset=84, > >>param_pad=2, > >>param_disp=0, data_offset=84, data_pad=0, data_disp=0 > >>s4_tevent: Added timed event "tevent_req_timedout": 0x7fdde00ee2f0 > >>smb_signing_md5: sequence number 14 > >>smb_signing_sign_pdu: sent SMB signature of > >>[] B0 93 27 43 EE 4A 37 94..'C.J7. > >>s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger": > >>0x7fdde00f5a60 > >>s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7fdde0230710 > >>s4_tevent: Run immediate event "tevent_queue_immediate_trigger": > >>0x7fdde00f5a60 > >>smb_signing_md5: sequence number 15 > >>smb_signing_check_pdu: seq 15: got good SMB signature of > >>[] 8F F4 5B 5F 27 39 4C 42..[_'9LB > >>s4_tevent: Destroying timer event 0x7fdde00ee2f0 "tevent_req_timedout" > >>s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fdde050c440 > >>s4_tevent: Run immediate event "tevent_req_trigger": 0x7fdde050c440 > >>s4_tevent: Destroying timer event 0x7fdde00ef550 > >>"dcerpc_timeout_handler" > >>s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fdde05110e0 > >>s4_tevent: Run immediate event "tevent_req_trigger": 0x7fdde05110e0 > >> lsa_QueryTrustedDomainInfoByName: struct > >>lsa_QueryTrustedDomainInfoByName > >>out: struct lsa_QueryTrustedDomainInfoByName > >>info : * > >>info : * > >>info : union > >>lsa_TrustedDomainInfo(case 8) > >>full_info: struct lsa_TrustDomainInfoFullInfo > >>info_ex: struct lsa_TrustDomainInfoInfoEx > >>domain_name: struct lsa_StringLarge > >>length : 0x001a (26) > >>size : 0x001c (28) > >>string : * > >>string : > >>'ipa.*redacted*' > >>netbios_name: struct lsa_StringLarge > >>length : 0x001a (26) > >>size : 0x001c (28) > >>string : * > >>string : > >>'ipa.*redacted*' > >>sid : NULL > >>trust_direction : 0x0003 (3) > >> 1: LSA_TRUST_DIRECTION_INBOUND > >> 1: LSA_TRUST_DIRECTION_OUTBOUND > >>trust_type : > >>LSA_TRUST_
Re: [Freeipa-users] IPA ERROR: non-public: TypeError -- ipa trust-add internal server error
On 2015-07-02 12:47, Sumit Bose wrote: On Wed, Jul 01, 2015 at 02:37:44PM +0100, David Fox wrote: I am encountering issues trying to integrate FreeIPA with AD, on *nix promp I get "internal server rror" and within I receive the following message in httpd_errorlog. It looks like we as AD if it already has a trust to a domain called 'ipa.*redacted*' and rpc reply data: [] 00 00 02 00 06 00 00 00 03 00 00 00 00 00 00 00 lsa_QueryTrustedDomainInfoByName: struct lsa_QueryTrustedDomainInfoByName in: struct lsa_QueryTrustedDomainInfoByName handle : * handle: struct policy_handle handle_type : 0x (0) uuid : 0593f50d-b3c4-4b0a-b3d7-f502da1ea0e6 trusted_domain : * trusted_domain: struct lsa_String length : 0x001a (26) size : 0x001a (26) string : * string : 'ipa.*redacted*' level: LSA_TRUSTED_DOMAIN_INFO_FULL_INFO (8) rpc request data: [] 00 00 00 00 0D F5 93 05 C4 B3 0A 4B B3 D7 F5 02 ...K [0010] DA 1E A0 E6 1A 00 1A 00 00 00 02 00 0D 00 00 00 [0020] 00 00 00 00 0D 00 00 00 69 00 70 00 61 00 2E 00 i.p.a... [0030] 68 00 73 00 61 00 2E 00 63 00 6F 00 2E 00 75 00 a... c.o...u. [0040] 6B 00 08 00 k... s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7fdde0230710 s4_tevent: Added timed event "dcerpc_timeout_handler": 0x7fdde00ef550 s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7fdde0230710 s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7fdde0230710 num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=92, this_data=92, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 s4_tevent: Added timed event "tevent_req_timedout": 0x7fdde00ee2f0 smb_signing_md5: sequence number 14 smb_signing_sign_pdu: sent SMB signature of [] B0 93 27 43 EE 4A 37 94..'C.J7. s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7fdde00f5a60 s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7fdde0230710 s4_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7fdde00f5a60 smb_signing_md5: sequence number 15 smb_signing_check_pdu: seq 15: got good SMB signature of [] 8F F4 5B 5F 27 39 4C 42..[_'9LB s4_tevent: Destroying timer event 0x7fdde00ee2f0 "tevent_req_timedout" s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fdde050c440 s4_tevent: Run immediate event "tevent_req_trigger": 0x7fdde050c440 s4_tevent: Destroying timer event 0x7fdde00ef550 "dcerpc_timeout_handler" s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fdde05110e0 s4_tevent: Run immediate event "tevent_req_trigger": 0x7fdde05110e0 lsa_QueryTrustedDomainInfoByName: struct lsa_QueryTrustedDomainInfoByName out: struct lsa_QueryTrustedDomainInfoByName info : * info : * info : union lsa_TrustedDomainInfo(case 8) full_info: struct lsa_TrustDomainInfoFullInfo info_ex: struct lsa_TrustDomainInfoInfoEx domain_name: struct lsa_StringLarge length : 0x001a (26) size : 0x001c (28) string : * string : 'ipa.*redacted*' netbios_name: struct lsa_StringLarge length : 0x001a (26) size : 0x001c (28) string : * string : 'ipa.*redacted*' sid : NULL trust_direction : 0x0003 (3) 1: LSA_TRUST_DIRECTION_INBOUND 1: LSA_TRUST_DIRECTION_OUTBOUND trust_type : LSA_TRUST_TYPE_MIT and knows this domain already because a trust to the Kerberos realm was already created. If possible please remove the Kerberos trust from the AD side and try again. Please note that you cannot have trust to two realms which share the same realm name. HTH bye, Sumit (3) trust_attributes : 0x (0) 0: LS
Re: [Freeipa-users] IPA ERROR: non-public: TypeError -- ipa trust-add internal server error
On Wed, Jul 01, 2015 at 02:37:44PM +0100, David Fox wrote: > I am encountering issues trying to integrate FreeIPA with AD, on *nix promp > I get "internal server rror" and within I receive the following message in > httpd_errorlog. > It looks like we as AD if it already has a trust to a domain called 'ipa.*redacted*' and > rpc reply data: > [] 00 00 02 00 06 00 00 00 03 00 00 00 00 00 00 00 > lsa_QueryTrustedDomainInfoByName: struct > lsa_QueryTrustedDomainInfoByName > in: struct lsa_QueryTrustedDomainInfoByName > handle : * > handle: struct policy_handle > handle_type : 0x (0) > uuid : > 0593f50d-b3c4-4b0a-b3d7-f502da1ea0e6 > trusted_domain : * > trusted_domain: struct lsa_String > length : 0x001a (26) > size : 0x001a (26) > string : * > string : 'ipa.*redacted*' > level: LSA_TRUSTED_DOMAIN_INFO_FULL_INFO (8) > rpc request data: > [] 00 00 00 00 0D F5 93 05 C4 B3 0A 4B B3 D7 F5 02 ...K > [0010] DA 1E A0 E6 1A 00 1A 00 00 00 02 00 0D 00 00 00 > [0020] 00 00 00 00 0D 00 00 00 69 00 70 00 61 00 2E 00 i.p.a... > [0030] 68 00 73 00 61 00 2E 00 63 00 6F 00 2E 00 75 00 a... c.o...u. > [0040] 6B 00 08 00 k... > s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7fdde0230710 > s4_tevent: Added timed event "dcerpc_timeout_handler": 0x7fdde00ef550 > s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7fdde0230710 > s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7fdde0230710 > num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, > data_total=92, this_data=92, max_data=4280, param_offset=84, param_pad=2, > param_disp=0, data_offset=84, data_pad=0, data_disp=0 > s4_tevent: Added timed event "tevent_req_timedout": 0x7fdde00ee2f0 > smb_signing_md5: sequence number 14 > smb_signing_sign_pdu: sent SMB signature of > [] B0 93 27 43 EE 4A 37 94..'C.J7. > s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger": > 0x7fdde00f5a60 > s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7fdde0230710 > s4_tevent: Run immediate event "tevent_queue_immediate_trigger": > 0x7fdde00f5a60 > smb_signing_md5: sequence number 15 > smb_signing_check_pdu: seq 15: got good SMB signature of > [] 8F F4 5B 5F 27 39 4C 42..[_'9LB > s4_tevent: Destroying timer event 0x7fdde00ee2f0 "tevent_req_timedout" > s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fdde050c440 > s4_tevent: Run immediate event "tevent_req_trigger": 0x7fdde050c440 > s4_tevent: Destroying timer event 0x7fdde00ef550 "dcerpc_timeout_handler" > s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7fdde05110e0 > s4_tevent: Run immediate event "tevent_req_trigger": 0x7fdde05110e0 > lsa_QueryTrustedDomainInfoByName: struct > lsa_QueryTrustedDomainInfoByName > out: struct lsa_QueryTrustedDomainInfoByName > info : * > info : * > info : union > lsa_TrustedDomainInfo(case 8) > full_info: struct lsa_TrustDomainInfoFullInfo > info_ex: struct lsa_TrustDomainInfoInfoEx > domain_name: struct lsa_StringLarge > length : 0x001a (26) > size : 0x001c (28) > string : * > string : > 'ipa.*redacted*' > netbios_name: struct lsa_StringLarge > length : 0x001a (26) > size : 0x001c (28) > string : * > string : > 'ipa.*redacted*' > sid : NULL > trust_direction : 0x0003 (3) >1: LSA_TRUST_DIRECTION_INBOUND >1: LSA_TRUST_DIRECTION_OUTBOUND > trust_type : LSA_TRUST_TYPE_MIT and knows this domain already because a trust to the Kerberos realm was already created. If possible please remove the Kerberos trust from the AD side and try again. Please note that you cannot have trust to two realms which share the same realm name. HTH bye, Sumit > (3) >
Re: [Freeipa-users] IPA ERROR: non-public: TypeError -- ipa trust-add internal server error
On Thu, 02 Jul 2015, David Fox wrote: self._pipe.DeleteTrustedDomain(self._policy_handle, res.info_ex.sid) [Tue Jun 30 13:17:01.369330 2015] [:error] [pid 1063] TypeError: default/librpc/gen_ndr/py_lsa.c:9436: Expected type 'security.dom_sid' for 'py_dom_sid' of type 'NoneType' [Tue Jun 30 13:17:01.369648 2015] [:error] [pid 1063] ipa: INFO: [jsonserver_session] admin@IPA.*redacted*: trust_add(u'*redacted*', trust_type=u'ad', realm_admin=u'*redacted*', realm_passwd=u'', all=False, raw=False, version=u'2.112'): TypeError These are whole logs with "log level = 100" set in smb.conf.empty. Log files were emptied before the above command was ran. If there is any other information required please let me know. Software versions: Fedora 22: 4.1.4 Fedora 22: 4.2 Alpha 1 Oracle Linux 7.1 64bit: without DNS ipa-server.x86_64 - 4.1.0-18.0.1-el17_1.3 ipa-server-trust-ad.x86_64 - 4.1.0-18.0.1-el17_1.3 CentOS 7.1 64bit: With DNS ipa-server.x86_64 - 4.1.0-18-el7.centos.3 ipa-server-trust-ad.x86_64 - 4.1.0-18-el7.centos.3 It is unclear from your report what exact distro causing this issue for you. Is this with Fedora 22 (e.g. Samba 4.2)? This error isn't limited to just one distro. I've tried three different distros which all throw the same error as above. Then it means Samba - Windows interoperability issue. I need: - network trace between IPA server and your AD DC for all relevant ports - unredacted error_log like above - Samba logs with log level 100 (net conf setparm global 'log level' 100) Sent them to me privately. -- / Alexander Bokovoy -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] IPA ERROR: non-public: TypeError -- ipa trust-add internal server error
On 2015-07-01 19:34, Alexander Bokovoy wrote: On Wed, 01 Jul 2015, David Fox wrote: I am encountering issues trying to integrate FreeIPA with AD, on *nix promp I get "internal server rror" and within I receive the following message in httpd_errorlog. [0070] 00 00 00 00 0D 00 00 00 69 00 70 00 61 00 2E 00 i.p.a... [0080] 68 00 73 00 61 00 2E 00 63 00 6F 00 2E 00 75 00 ... c.o...u. [0090] 6B 00 00 00 00 00 00 00k... [Tue Jun 30 13:17:01.369249 2015] [:error] [pid 1063] ipa: ERROR: non-public: TypeError: default/librpc/gen_ndr/py_lsa.c:9436: Expected type 'security.dom_sid' for 'py_dom_sid' of type 'NoneType' [Tue Jun 30 13:17:01.369285 2015] [:error] [pid 1063] Traceback (most recent call last): [Tue Jun 30 13:17:01.369289 2015] [:error] [pid 1063] File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 348, in wsgi_execute [Tue Jun 30 13:17:01.369292 2015] [:error] [pid 1063] result = self.Command[name](*args, **options) [Tue Jun 30 13:17:01.369294 2015] [:error] [pid 1063] File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 439, in __call__ [Tue Jun 30 13:17:01.369303 2015] [:error] [pid 1063] ret = self.run(*args, **options) [Tue Jun 30 13:17:01.369306 2015] [:error] [pid 1063] File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 754, in run [Tue Jun 30 13:17:01.369308 2015] [:error] [pid 1063] return self.execute(*args, **options) [Tue Jun 30 13:17:01.369310 2015] [:error] [pid 1063] File "/usr/lib/python2.7/site-packages/ipalib/plugins/trust.py", line 474, in execute [Tue Jun 30 13:17:01.369313 2015] [:error] [pid 1063] result = self.execute_ad(full_join, *keys, **options) [Tue Jun 30 13:17:01.369315 2015] [:error] [pid 1063] File "/usr/lib/python2.7/site-packages/ipalib/plugins/trust.py", line 709, in execute_ad [Tue Jun 30 13:17:01.369318 2015] [:error] [pid 1063] self.realm_passwd [Tue Jun 30 13:17:01.369320 2015] [:error] [pid 1063] File "/usr/lib/python2.7/site-packages/ipaserver/dcerpc.py", line 1222, in join_ad_full_credentials [Tue Jun 30 13:17:01.369323 2015] [:error] [pid 1063] self.remote_domain.establish_trust(self.local_domain, trustdom_pass) [Tue Jun 30 13:17:01.369325 2015] [:error] [pid 1063] File "/usr/lib/python2.7/site-packages/ipaserver/dcerpc.py", line 963, in establish_trust [Tue Jun 30 13:17:01.369327 2015] [:error] [pid 1063] self._pipe.DeleteTrustedDomain(self._policy_handle, res.info_ex.sid) [Tue Jun 30 13:17:01.369330 2015] [:error] [pid 1063] TypeError: default/librpc/gen_ndr/py_lsa.c:9436: Expected type 'security.dom_sid' for 'py_dom_sid' of type 'NoneType' [Tue Jun 30 13:17:01.369648 2015] [:error] [pid 1063] ipa: INFO: [jsonserver_session] admin@IPA.*redacted*: trust_add(u'*redacted*', trust_type=u'ad', realm_admin=u'*redacted*', realm_passwd=u'', all=False, raw=False, version=u'2.112'): TypeError These are whole logs with "log level = 100" set in smb.conf.empty. Log files were emptied before the above command was ran. If there is any other information required please let me know. Software versions: Fedora 22: 4.1.4 Fedora 22: 4.2 Alpha 1 Oracle Linux 7.1 64bit: without DNS ipa-server.x86_64 - 4.1.0-18.0.1-el17_1.3 ipa-server-trust-ad.x86_64 - 4.1.0-18.0.1-el17_1.3 CentOS 7.1 64bit: With DNS ipa-server.x86_64 - 4.1.0-18-el7.centos.3 ipa-server-trust-ad.x86_64 - 4.1.0-18-el7.centos.3 It is unclear from your report what exact distro causing this issue for you. Is this with Fedora 22 (e.g. Samba 4.2)? This error isn't limited to just one distro. I've tried three different distros which all throw the same error as above. CentOS 7.1 Samba - 4.1.12 Python 2.7.5 FreeIPA - 4.1.0 Oracle Linux 7.1 Samba - 4.1.12 Python 2.7.5 FreeIPA - 4.1.0 Fedora 22 Samba - 4.2.2 Python - 2.7.10 FreeIPA - 4.2.0 Regards, David -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] IPA ERROR: non-public: TypeError -- ipa trust-add internal server error
On Wed, 01 Jul 2015, David Fox wrote: I am encountering issues trying to integrate FreeIPA with AD, on *nix promp I get "internal server rror" and within I receive the following message in httpd_errorlog. [0070] 00 00 00 00 0D 00 00 00 69 00 70 00 61 00 2E 00 i.p.a... [0080] 68 00 73 00 61 00 2E 00 63 00 6F 00 2E 00 75 00 ... c.o...u. [0090] 6B 00 00 00 00 00 00 00k... [Tue Jun 30 13:17:01.369249 2015] [:error] [pid 1063] ipa: ERROR: non-public: TypeError: default/librpc/gen_ndr/py_lsa.c:9436: Expected type 'security.dom_sid' for 'py_dom_sid' of type 'NoneType' [Tue Jun 30 13:17:01.369285 2015] [:error] [pid 1063] Traceback (most recent call last): [Tue Jun 30 13:17:01.369289 2015] [:error] [pid 1063] File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 348, in wsgi_execute [Tue Jun 30 13:17:01.369292 2015] [:error] [pid 1063] result = self.Command[name](*args, **options) [Tue Jun 30 13:17:01.369294 2015] [:error] [pid 1063] File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 439, in __call__ [Tue Jun 30 13:17:01.369303 2015] [:error] [pid 1063] ret = self.run(*args, **options) [Tue Jun 30 13:17:01.369306 2015] [:error] [pid 1063] File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 754, in run [Tue Jun 30 13:17:01.369308 2015] [:error] [pid 1063] return self.execute(*args, **options) [Tue Jun 30 13:17:01.369310 2015] [:error] [pid 1063] File "/usr/lib/python2.7/site-packages/ipalib/plugins/trust.py", line 474, in execute [Tue Jun 30 13:17:01.369313 2015] [:error] [pid 1063] result = self.execute_ad(full_join, *keys, **options) [Tue Jun 30 13:17:01.369315 2015] [:error] [pid 1063] File "/usr/lib/python2.7/site-packages/ipalib/plugins/trust.py", line 709, in execute_ad [Tue Jun 30 13:17:01.369318 2015] [:error] [pid 1063] self.realm_passwd [Tue Jun 30 13:17:01.369320 2015] [:error] [pid 1063] File "/usr/lib/python2.7/site-packages/ipaserver/dcerpc.py", line 1222, in join_ad_full_credentials [Tue Jun 30 13:17:01.369323 2015] [:error] [pid 1063] self.remote_domain.establish_trust(self.local_domain, trustdom_pass) [Tue Jun 30 13:17:01.369325 2015] [:error] [pid 1063] File "/usr/lib/python2.7/site-packages/ipaserver/dcerpc.py", line 963, in establish_trust [Tue Jun 30 13:17:01.369327 2015] [:error] [pid 1063] self._pipe.DeleteTrustedDomain(self._policy_handle, res.info_ex.sid) [Tue Jun 30 13:17:01.369330 2015] [:error] [pid 1063] TypeError: default/librpc/gen_ndr/py_lsa.c:9436: Expected type 'security.dom_sid' for 'py_dom_sid' of type 'NoneType' [Tue Jun 30 13:17:01.369648 2015] [:error] [pid 1063] ipa: INFO: [jsonserver_session] admin@IPA.*redacted*: trust_add(u'*redacted*', trust_type=u'ad', realm_admin=u'*redacted*', realm_passwd=u'', all=False, raw=False, version=u'2.112'): TypeError These are whole logs with "log level = 100" set in smb.conf.empty. Log files were emptied before the above command was ran. If there is any other information required please let me know. Software versions: Fedora 22: 4.1.4 Fedora 22: 4.2 Alpha 1 Oracle Linux 7.1 64bit: without DNS ipa-server.x86_64 - 4.1.0-18.0.1-el17_1.3 ipa-server-trust-ad.x86_64 - 4.1.0-18.0.1-el17_1.3 CentOS 7.1 64bit: With DNS ipa-server.x86_64 - 4.1.0-18-el7.centos.3 ipa-server-trust-ad.x86_64 - 4.1.0-18-el7.centos.3 It is unclear from your report what exact distro causing this issue for you. Is this with Fedora 22 (e.g. Samba 4.2)? -- / Alexander Bokovoy -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project