Re: [Freeipa-users] Trouble verifying domain trust IPA 3.0, AD 2012
On Fri, Mar 15, 2013 at 09:38:04AM +, Dale Macartney wrote:
> Morning all
>
> I have set up the domain trust and have errors when trying to map groups from AD to IPA
>
> Environment is IPA 3.0 on RHEL 6.4 and Windows 2012
>
> When adding groups, I get the following.
>
> [root@ds01 ~]# ipa group-add --desc='Active Directory Domain Admins external map' domain_admins_map --external
> [root@ds01 ~]# ipa group-add-member domain_admins_map --external 'NT\Domain Admins'
> [member user]:
> [member group]:
> ipa: ERROR: cannot connect to u'https://ds01.example.com/ipa/session/xml': Internal Server Error
> [root@ds01 ~]#
>
> When the above error occurs I see the following in /var/log/httpd/error_log
>
> == /var/log/httpd/error_log ==
> [Fri Mar 15 09:35:15 2013] [error] ipa: ERROR: release_ipa_ccache: ccache_name (FILE:/var/run/ipa_memcached/krbcc_5374) != KRB5CCNAME environment variable (/var/run/ipa_memcached/krbcc_TDN)
> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] mod_wsgi (pid=5374): Exception occurred processing WSGI script '/usr/share/ipa/wsgi.py'.
> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] Traceback (most recent call last):
> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] File /usr/share/ipa/wsgi.py, line 49, in application
> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] return api.Backend.wsgi_dispatch(environ, start_response)
> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] File /usr/lib/python2.6/site-packages/ipaserver/rpcserver.py, line 248, in __call__
> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] return self.route(environ, start_response)
> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] File /usr/lib/python2.6/site-packages/ipaserver/rpcserver.py, line 260, in route
> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] return app(environ, start_response)
> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] File /usr/lib/python2.6/site-packages/ipaserver/rpcserver.py, line 1193, in __call__
> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] response = super(xmlserver_session, self).__call__(environ, start_response)
> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] File /usr/lib/python2.6/site-packages/ipaserver/rpcserver.py, line 709, in __call__
> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] response = super(xmlserver, self).__call__(environ, start_response)
> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] File /usr/lib/python2.6/site-packages/ipaserver/rpcserver.py, line 375, in __call__
> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] response = self.wsgi_execute(environ)
> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] File /usr/lib/python2.6/site-packages/ipaserver/rpcserver.py, line 334, in wsgi_execute
> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] result = self.Command[name](*args, **options)
> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] File /usr/lib/python2.6/site-packages/ipalib/frontend.py, line 435, in __call__
> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] ret = self.run(*args, **options)
> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] File /usr/lib/python2.6/site-packages/ipalib/frontend.py, line 747, in run
> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] return self.execute(*args, **options)
> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] File /usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py, line 1590, in execute
> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] **options)
> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] File /usr/lib/python2.6/site-packages/ipalib/plugins/group.py, line 387, in post_callback
> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] actual_sid = domain_validator.get_sid_trusted_domain_object(sid)
> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] File /usr/lib/python2.6/site-packages/ipaserver/dcerpc.py, line 212, in get_sid_trusted_domain_object
> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] entry = self.resolve_against_gc(domain, components['name'])
> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] File /usr/lib/python2.6/site-packages/ipaserver/dcerpc.py, line 285, in resolve_against_gc
> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] entry = self.__resolve_against_gc(info, host, port, name)
> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] File /usr/lib/python2.6/site-packages/ipaserver/dcerpc.py, line 315, in __resolve_against_gc
> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] conn.sasl_interactive_bind_s(None, sasl_auth)
> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] File /usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py, line 566, in sasl_interactive_bind_s
> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] return
Re: [Freeipa-users] Trouble verifying domain trust IPA 3.0, AD 2012
On 03/15/2013 09:52 AM, Sumit Bose wrote:
> On Fri, Mar 15, 2013 at 09:38:04AM +, Dale Macartney wrote:
>> Morning all
>>
>> I have set up the domain trust and have errors when trying to map groups from AD to IPA
>>
>> Environment is IPA 3.0 on RHEL 6.4 and Windows 2012
>>
>> When adding groups, I get the following.
>>
>> [root@ds01 ~]# ipa group-add --desc='Active Directory Domain Admins external map' domain_admins_map --external
>> [root@ds01 ~]# ipa group-add-member domain_admins_map --external 'NT\Domain Admins'
>> [member user]:
>> [member group]:
>> ipa: ERROR: cannot connect to u'https://ds01.example.com/ipa/session/xml': Internal Server Error
>> [root@ds01 ~]#
>>
>> When the above error occurs I see the following in /var/log/httpd/error_log
>>
>> == /var/log/httpd/error_log ==
>> [Fri Mar 15 09:35:15 2013] [error] ipa: ERROR: release_ipa_ccache: ccache_name (FILE:/var/run/ipa_memcached/krbcc_5374) != KRB5CCNAME environment variable (/var/run/ipa_memcached/krbcc_TDN)
>> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] mod_wsgi (pid=5374): Exception occurred processing WSGI script '/usr/share/ipa/wsgi.py'.
>> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] Traceback (most recent call last):
>> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] File /usr/share/ipa/wsgi.py, line 49, in application
>> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] return api.Backend.wsgi_dispatch(environ, start_response)
>> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] File /usr/lib/python2.6/site-packages/ipaserver/rpcserver.py, line 248, in __call__
>> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] return self.route(environ, start_response)
>> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] File /usr/lib/python2.6/site-packages/ipaserver/rpcserver.py, line 260, in route
>> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] return app(environ, start_response)
>> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] File /usr/lib/python2.6/site-packages/ipaserver/rpcserver.py, line 1193, in __call__
>> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] response = super(xmlserver_session, self).__call__(environ, start_response)
>> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] File /usr/lib/python2.6/site-packages/ipaserver/rpcserver.py, line 709, in __call__
>> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] response = super(xmlserver, self).__call__(environ, start_response)
>> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] File /usr/lib/python2.6/site-packages/ipaserver/rpcserver.py, line 375, in __call__
>> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] response = self.wsgi_execute(environ)
>> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] File /usr/lib/python2.6/site-packages/ipaserver/rpcserver.py, line 334, in wsgi_execute
>> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] result = self.Command[name](*args, **options)
>> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] File /usr/lib/python2.6/site-packages/ipalib/frontend.py, line 435, in __call__
>> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] ret = self.run(*args, **options)
>> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] File /usr/lib/python2.6/site-packages/ipalib/frontend.py, line 747, in run
>> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] return self.execute(*args, **options)
>> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] File /usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py, line 1590, in execute
>> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] **options)
>> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] File /usr/lib/python2.6/site-packages/ipalib/plugins/group.py, line 387, in post_callback
>> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] actual_sid = domain_validator.get_sid_trusted_domain_object(sid)
>> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] File /usr/lib/python2.6/site-packages/ipaserver/dcerpc.py, line 212, in get_sid_trusted_domain_object
>> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] entry = self.resolve_against_gc(domain, components['name'])
>> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] File /usr/lib/python2.6/site-packages/ipaserver/dcerpc.py, line 285, in resolve_against_gc
>> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] entry = self.__resolve_against_gc(info, host, port, name)
>> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] File /usr/lib/python2.6/site-packages/ipaserver/dcerpc.py, line 315, in __resolve_against_gc
>> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] conn.sasl_interactive_bind_s(None, sasl_auth)
>> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] File /usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py, line 566, in sasl_interactive_bind_s
>> [Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] return self.conn.sasl_interactive_bind_s(who, auth, serverctrls, clientctrls, sasl_flags)
>> [Fri
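A triage helper for the error_log excerpt quoted in the message above, as an added example that is not part of the thread or of FreeIPA: it strips the Apache prefix from each record, pulls out the `release_ipa_ccache` mismatch and the mod_wsgi pid, and rebuilds the traceback frames. The names `triage` and `innermost_frame` are hypothetical, and the sample lines are taken from the quoted excerpt.

```python
import re

# error_log prefix as seen in the excerpt: [timestamp] [level] [client ip] message
# (the [client ...] part is absent on the first record, so it is optional here).
PREFIX = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] "
    r"(?:\[client (?P<client>[^\]]+)\] )?(?P<msg>.*)$"
)
CCACHE = re.compile(
    r"release_ipa_ccache: ccache_name \((?P<actual>[^)]+)\) != "
    r"KRB5CCNAME environment variable \((?P<env>[^)]+)\)"
)
WSGI_PID = re.compile(r"mod_wsgi \(pid=(\d+)\)")
# Quotes around the path are optional: the archived copy of the log has none.
FRAME = re.compile(r'File "?(?P<file>[^",]+)"?, line (?P<line>\d+), in (?P<func>\S+)')

# Sample lines taken from the error_log excerpt quoted in this thread.
SAMPLE = """\
[Fri Mar 15 09:35:15 2013] [error] ipa: ERROR: release_ipa_ccache: ccache_name (FILE:/var/run/ipa_memcached/krbcc_5374) != KRB5CCNAME environment variable (/var/run/ipa_memcached/krbcc_TDN)
[Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] mod_wsgi (pid=5374): Exception occurred processing WSGI script '/usr/share/ipa/wsgi.py'.
[Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] Traceback (most recent call last):
[Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] File /usr/share/ipa/wsgi.py, line 49, in application
[Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] return api.Backend.wsgi_dispatch(environ, start_response)
[Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] File /usr/lib/python2.6/site-packages/ipaserver/dcerpc.py, line 315, in __resolve_against_gc
[Fri Mar 15 09:35:15 2013] [error] [client 10.0.1.11] conn.sasl_interactive_bind_s(None, sasl_auth)
"""


def triage(log_text):
    """Collect the ccache mismatch, mod_wsgi pid, client and traceback frames."""
    report = {"ccache_mismatch": None, "wsgi_pid": None, "client": None, "frames": []}
    for raw in log_text.splitlines():
        record = PREFIX.match(raw)
        if not record:
            continue  # not an error_log record (wrapped or truncated line)
        msg = record.group("msg")
        if record.group("client"):
            report["client"] = record.group("client")
        mismatch = CCACHE.search(msg)
        if mismatch:
            report["ccache_mismatch"] = (mismatch.group("actual"), mismatch.group("env"))
        pid = WSGI_PID.search(msg)
        if pid:
            report["wsgi_pid"] = int(pid.group(1))
        frame = FRAME.search(msg)
        if frame:
            report["frames"].append(
                (frame.group("file"), int(frame.group("line")), frame.group("func")))
    return report


def innermost_frame(report, path_part):
    """Return the last traceback frame whose file path contains path_part, or None."""
    for frame in reversed(report["frames"]):
        if path_part in frame[0]:
            return frame
    return None


if __name__ == "__main__":
    result = triage(SAMPLE)
    print("ccache mismatch:", result["ccache_mismatch"])
    print("innermost ipaserver frame:", innermost_frame(result, "ipaserver/"))
```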
Re: [Freeipa-users] Trouble verifying domain trust IPA 3.0, AD 2012
On 03/15/2013 10:03 AM, Dale Macartney wrote:
> On 03/15/2013 09:52 AM, Sumit Bose wrote:
>> On Fri, Mar 15, 2013 at 09:38:04AM +, Dale Macartney wrote:
Re: [Freeipa-users] Trouble verifying domain trust IPA 3.0, AD 2012
On 03/15/2013 10:06 AM, Dale Macartney wrote:
> On 03/15/2013 10:03 AM, Dale Macartney wrote:
>> On 03/15/2013 09:52 AM, Sumit Bose wrote:
>>> On Fri, Mar 15, 2013 at 09:38:04AM +, Dale Macartney wrote:
Re: [Freeipa-users] Trouble verifying domain trust IPA 3.0, AD 2012
On 03/15/2013 08:59 AM, Dale Macartney wrote:
> Any ideas what KDC returned error string: HANDLE_AUTHDATA means?

Sumit, can it be that the SSSD plugin into the SSH that processes MSPACs is not working properly?

--
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.