Hello! Description of problem: When I configure a trust between freeipa server version 3.3.3-28 and windows domain 2012 error occurs. Below is the configuration freeipa-server and how to configure. Version-Release number of selected component (if applicable): FreeIPA Server: OS - centos 7 Core - 3.10.0-123.8.1.el7.x86_64 ipaserver - 3.3.3-28 samba - 4.1.1 Windows Server: OS: Windows 2012 How reproducible: Steps to Reproduce: 1. [root@ipa ~]# ipa-adtrust-install --netbios-name=TESTCSBIITS -a Pass123456 -U The log file for this installation can be found in /var/log/ipaserver-install.log ============================================================================== This program will setup components needed to establish trust to AD domains for the IPA Server. This includes: * Configure Samba * Add trust related objects to IPA LDAP server To accept the default shown in brackets, press the Enter key. Configuring CIFS [1/19]: stopping smbd [2/19]: creating samba domain object Samba domain object already exists [3/19]: creating samba config registry [4/19]: writing samba config file [5/19]: adding cifs Kerberos principal [6/19]: check for cifs services defined on other replicas [7/19]: adding cifs principal to S4U2Proxy targets cifs principal already targeted, nothing to do. [8/19]: adding admin(group) SIDs Admin SID already set, nothing to do Admin group SID already set, nothing to do [9/19]: adding RID bases RID bases already set, nothing to do [10/19]: updating Kerberos config 'dns_lookup_kdc' already set to 'true', nothing to do. [11/19]: activating CLDAP plugin CLDAP plugin already configured, nothing to do [12/19]: activating sidgen plugin and task Sidgen plugin already configured, nothing to do Sidgen task plugin already configured, nothing to do [13/19]: activating extdom plugin Extdom plugin already configured, nothing to do [14/19]: configuring smbd to start on boot [15/19]: adding special DNS service records [16/19]: restarting Directory Server to take MS PAC and LDAP plugins changes into account [17/19]: adding fallback group Fallback group already set, nothing to do [18/19]: setting SELinux booleans [19/19]: starting CIFS services Done configuring CIFS. ============================================================================= Setup complete You must make sure these network ports are open: TCP Ports: * 138: netbios-dgm * 139: netbios-ssn * 445: microsoft-ds UDP Ports: * 138: netbios-dgm * 139: netbios-ssn * 389: (C)LDAP * 445: microsoft-ds Additionally you have to make sure the IPA LDAP server is not reachable by any domain controller in the Active Directory domain by closing down the following ports for these servers: TCP Ports: * 389, 636: LDAP/LDAPS You may want to choose to REJECT the network packets instead of DROPing them to avoid timeouts on the AD domain controllers. ============================================================================= 2. [root@ipa ~]# smbclient -L ipa.test-csbi-its.ru -k lp_load_ex: changing to config backend registry Domain=[TESTCSBIITS] OS=[Unix] Server=[Samba 4.1.1] Sharename Type Comment --------- ---- ------- IPC$ IPC IPC Service (Samba 4.1.1) Domain=[TESTCSBIITS] OS=[Unix] Server=[Samba 4.1.1] Server Comment --------- ------- Workgroup Master --------- ------- 3. [root@ipa ~]# wbinfo --online-status BUILTIN : online TESTCSBIITS : online 4. For windows domain [root@ipa ~]# dig SRV _ldap._tcp.csbigroup.ru ; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> SRV _ldap._tcp.csbigroup.ru ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49280 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 5, ADDITIONAL: 14 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;_ldap._tcp.csbigroup.ru. IN SRV ;; ANSWER SECTION: _ldap._tcp.csbigroup.ru. 600 IN SRV 0 100 389 csbi-it-dc02.csbigroup.ru. _ldap._tcp.csbigroup.ru. 600 IN SRV 0 100 389 csbi-it-dc04.csbigroup.ru. _ldap._tcp.csbigroup.ru. 600 IN SRV 0 100 389 csbi-it-dc01.csbigroup.ru. ;; AUTHORITY SECTION: ru. 171951 IN NS d.dns.ripn.net. ru. 171951 IN NS a.dns.ripn.net. ru. 171951 IN NS f.dns.ripn.net. ru. 171951 IN NS e.dns.ripn.net. ru. 171951 IN NS b.dns.ripn.net. ;; ADDITIONAL SECTION: csbi-it-dc04.csbigroup.ru. 406 IN A 192.168.10.94 csbi-it-dc02.csbigroup.ru. 2806 IN A 192.168.10.9 csbi-it-dc01.csbigroup.ru. 2806 IN A 192.168.10.10 b.dns.ripn.net. 171951 IN A 194.85.252.62 b.dns.ripn.net. 171951 IN AAAA 2001:678:16:0:194:85:252:62 a.dns.ripn.net. 171951 IN A 193.232.128.6 a.dns.ripn.net. 171951 IN AAAA 2001:678:17:0:193:232:128:6 e.dns.ripn.net. 171951 IN A 193.232.142.17 e.dns.ripn.net. 171951 IN AAAA 2001:678:15:0:193:232:142:17 d.dns.ripn.net. 171951 IN A 194.190.124.17 d.dns.ripn.net. 171951 IN AAAA 2001:678:18:0:194:190:124:17 f.dns.ripn.net. 171951 IN A 193.232.156.17 f.dns.ripn.net. 171951 IN AAAA 2001:678:14:0:193:232:156:17 ;; Query time: 7 msec ;; SERVER: 192.168.160.18#53(192.168.160.18) ;; WHEN: Fri Sep 26 11:33:46 MSK 2014 ;; MSG SIZE rcvd: 547 5. For IPA domain [root@ipa ~]# dig SRV _ldap._tcp.test-csbi-its.ru ; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> SRV _ldap._tcp.test-csbi-its.ru ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53566 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;_ldap._tcp.test-csbi-its.ru. IN SRV ;; ANSWER SECTION: _ldap._tcp.test-csbi-its.ru. 86400 IN SRV 0 100 389 ipa.test-csbi-its.ru. ;; AUTHORITY SECTION: test-csbi-its.ru. 86400 IN NS ipa.test-csbi-its.ru. ;; ADDITIONAL SECTION: ipa.test-csbi-its.ru. 1200 IN A 192.168.160.18 ;; Query time: 3 msec ;; SERVER: 192.168.160.18#53(192.168.160.18) ;; WHEN: Fri Sep 26 11:35:26 MSK 2014 ;; MSG SIZE rcvd: 126 6. Error occurs on this step -bash-4.2$ ipa -d trust-add --type=ad csbigroup.ru --admin test --password ipa: DEBUG: importing all plugin modules in '/usr/lib/python2.7/site-packages/ipalib/plugins'... ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/aci.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/automember.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/automount.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/baseldap.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/batch.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/cert.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/config.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/delegation.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/dns.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/group.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/hbacrule.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/hbacsvc.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/hbacsvcgroup.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/hbactest.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/host.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/hostgroup.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/idrange.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/internal.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/kerberos.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/krbtpolicy.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/migration.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/misc.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/netgroup.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/passwd.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/permission.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/ping.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/pkinit.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/privilege.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/pwpolicy.py' ipa: DEBUG: Starting external process ipa: DEBUG: args=klist -V ipa: DEBUG: Process finished, return code=0 ipa: DEBUG: stdout=Kerberos 5 version 1.11.3 ipa: DEBUG: stderr= ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/realmdomains.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/role.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/selfservice.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/selinuxusermap.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/service.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/sudocmd.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/sudocmdgroup.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/sudorule.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/trust.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/user.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/virtual.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/xmlclient.py' ipa: DEBUG: Starting external process ipa: DEBUG: args=keyctl search @s user ipa_session_cookie:admin ipa: DEBUG: Process finished, return code=0 ipa: DEBUG: stdout=1059139357 ipa: DEBUG: stderr= ipa: DEBUG: Starting external process ipa: DEBUG: args=keyctl pipe 1059139357 ipa: DEBUG: Process finished, return code=0 ipa: DEBUG: stdout=ipa_session=e225e8c15ffaf66d384e15b04bec44b7; Domain=ipa.test-csbi-its.ru; Path=/ipa; Expires=Thu, 25 Sep 2014 14:48:11 GMT; Secure; HttpOnly ipa: DEBUG: stderr= ipa: DEBUG: found session_cookie in persistent storage for principal 'admin', cookie: 'ipa_session=e225e8c15ffaf66d384e15b04bec44b7; Domain=ipa.test-csbi-its.ru; Path=/ipa; Expires=Thu, 25 Sep 2014 14:48:11 GMT; Secure; HttpOnly' ipa: DEBUG: deleting session data for principal 'admin': cookie named 'ipa_session'; expired at Thu, 25 Sep 2014 14:48:11 GMT' ipa: DEBUG: Starting external process ipa: DEBUG: args=keyctl search @s user ipa_session_cookie:admin ipa: DEBUG: Process finished, return code=0 ipa: DEBUG: stdout=1059139357 ipa: DEBUG: stderr= ipa: DEBUG: Starting external process ipa: DEBUG: args=keyctl unlink 1059139357 @s ipa: DEBUG: Process finished, return code=0 ipa: DEBUG: stdout= ipa: DEBUG: stderr= ipa: INFO: trying https://ipa.test-csbi-its.ru/ipa/xml ipa: DEBUG: Created connection context.xmlclient Active directory domain administrator's password: ipa: DEBUG: raw: trust_add(u'csbigroup.ru', trust_type=u'ad', realm_admin=u'test', realm_passwd=u'********', all=False, raw=False, version=u'2.65') ipa: DEBUG: trust_add(u'csbigroup.ru', trust_type=u'ad', realm_admin=u'test', realm_passwd=u'********', all=False, raw=False, version=u'2.65') ipa: INFO: Forwarding 'trust_add' to server 'https://ipa.test-csbi-its.ru/ipa/xml' ipa: DEBUG: NSSConnection init ipa.test-csbi-its.ru ipa: DEBUG: Connecting: 192.168.160.18:0 ipa: DEBUG: auth_certificate_callback: check_sig=True is_server=False Data: Version: 3 (0x2) Serial Number: 9 (0x9) Signature Algorithm: Algorithm: PKCS #1 SHA-256 With RSA Encryption Issuer: CN=Certificate Authority,O=TEST-CSBI-ITS.RU Validity: Not Before: Thu Sep 25 14:01:24 2014 UTC Not After: Sun Sep 25 14:01:24 2016 UTC Subject: CN=ipa.test-csbi-its.ru,O=TEST-CSBI-ITS.RU Subject Public Key Info: Public Key Algorithm: Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ... Exponent: 65537 (0x10001) Signed Extensions: (6) Name: Certificate Authority Key Identifier Critical: False Key ID: ... Serial Number: None General Names: [0 total] Name: Authority Information Access Critical: False Authority Information Access: [1 total] Info [1]: Method: PKIX Online Certificate Status Protocol Location: URI: http://ipa-ca.test-csbi-its.ru/ca/ocsp Name: Certificate Key Usage Critical: True Usages: Digital Signature Non-Repudiation Key Encipherment Data Encipherment Name: Extended Key Usage Critical: False Usages: TLS Web Server Authentication Certificate TLS Web Client Authentication Certificate Name: CRL Distribution Points Critical: False CRL Distribution Points: [1 total] Point [1]: General Names: [1 total] http://ipa-ca.test-csbi-its.ru/ipa/crl/MasterCRL.bin Issuer: Directory Name: CN=Certificate Authority,O=ipaca Reasons: () Name: Certificate Subject Key ID Critical: False Data: ... Signature: Signature Algorithm: Algorithm: PKCS #1 SHA-256 With RSA Encryption Signature: ... Fingerprint (MD5): ... Fingerprint (SHA1): ... ipa: DEBUG: approved_usage = SSL Server intended_usage = SSL Server ipa: DEBUG: cert valid True for "CN=ipa.test-csbi-its.ru,O=TEST-CSBI-ITS.RU" ipa: DEBUG: handshake complete, peer = 192.168.160.18:443 ipa: DEBUG: received Set-Cookie 'ipa_session=d926cf4ec250b4f89ff356fcb3b86b2f; Domain=ipa.test-csbi-its.ru; Path=/ipa; Expires=Fri, 26 Sep 2014 07:56:33 GMT; Secure; HttpOnly' ipa: DEBUG: storing cookie 'ipa_session=d926cf4ec250b4f89ff356fcb3b86b2f; Domain=ipa.test-csbi-its.ru; Path=/ipa; Expires=Fri, 26 Sep 2014 07:56:33 GMT; Secure; HttpOnly' for principal admin ipa: DEBUG: Starting external process ipa: DEBUG: args=keyctl search @s user ipa_session_cookie:admin ipa: DEBUG: Process finished, return code=1 ipa: DEBUG: stdout= ipa: DEBUG: stderr=keyctl_search: Required key not available ipa: DEBUG: Starting external process ipa: DEBUG: args=keyctl search @s user ipa_session_cookie:admin ipa: DEBUG: Process finished, return code=1 ipa: DEBUG: stdout= ipa: DEBUG: stderr=keyctl_search: Required key not available ipa: DEBUG: Starting external process ipa: DEBUG: args=keyctl padd user ipa_session_cookie:admin @s ipa: DEBUG: Process finished, return code=0 ipa: DEBUG: stdout=483410910 ipa: DEBUG: stderr= ipa: DEBUG: Caught fault 4001 from server https://ipa.test-csbi-its.ru/ipa/xml: Cannot find specified domain or server name ipa: DEBUG: Destroyed connection context.xmlclient ipa: ERROR: Cannot find specified domain or server name Best Regards, Valeriy
Please provide logs as described at http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup#Debugging_trust
Created attachment 942178 [details] httpd and samba logs
Hello! I add logs as attachement. DEBUG OUT: -bash-4.2$ ipa -d trust-add --type=ad csbigroup.ru --admin test777 --password ipa: DEBUG: importing all plugin modules in '/usr/lib/python2.7/site-packages/ipalib/plugins'... ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/aci.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/automember.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/automount.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/baseldap.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/batch.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/cert.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/config.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/delegation.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/dns.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/group.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/hbacrule.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/hbacsvc.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/hbacsvcgroup.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/hbactest.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/host.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/hostgroup.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/idrange.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/internal.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/kerberos.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/krbtpolicy.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/migration.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/misc.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/netgroup.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/passwd.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/permission.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/ping.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/pkinit.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/privilege.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/pwpolicy.py' ipa: DEBUG: Starting external process ipa: DEBUG: args=klist -V ipa: DEBUG: Process finished, return code=0 ipa: DEBUG: stdout=Kerberos 5 version 1.11.3 ipa: DEBUG: stderr= ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/realmdomains.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/role.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/selfservice.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/selinuxusermap.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/service.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/sudocmd.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/sudocmdgroup.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/sudorule.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/trust.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/user.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/virtual.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/xmlclient.py' ipa: ERROR: did not receive Kerberos credentials -bash-4.2$ kinit admin Password for admin: -bash-4.2$ ipa -d trust-add --type=ad csbigroup.ru --admin test777 --password ipa: DEBUG: importing all plugin modules in '/usr/lib/python2.7/site-packages/ipalib/plugins'... ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/aci.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/automember.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/automount.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/baseldap.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/batch.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/cert.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/config.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/delegation.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/dns.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/group.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/hbacrule.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/hbacsvc.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/hbacsvcgroup.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/hbactest.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/host.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/hostgroup.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/idrange.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/internal.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/kerberos.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/krbtpolicy.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/migration.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/misc.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/netgroup.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/passwd.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/permission.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/ping.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/pkinit.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/privilege.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/pwpolicy.py' ipa: DEBUG: Starting external process ipa: DEBUG: args=klist -V ipa: DEBUG: Process finished, return code=0 ipa: DEBUG: stdout=Kerberos 5 version 1.11.3 ipa: DEBUG: stderr= ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/realmdomains.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/role.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/selfservice.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/selinuxusermap.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/service.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/sudocmd.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/sudocmdgroup.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/sudorule.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/trust.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/user.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/virtual.py' ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/xmlclient.py' ipa: DEBUG: Starting external process ipa: DEBUG: args=keyctl search @s user ipa_session_cookie:admin ipa: DEBUG: Process finished, return code=0 ipa: DEBUG: stdout=483410910 ipa: DEBUG: stderr= ipa: DEBUG: Starting external process ipa: DEBUG: args=keyctl pipe 483410910 ipa: DEBUG: Process finished, return code=0 ipa: DEBUG: stdout=ipa_session=d926cf4ec250b4f89ff356fcb3b86b2f; Domain=ipa.test-csbi-its.ru; Path=/ipa; Expires=Fri, 26 Sep 2014 07:56:33 GMT; Secure; HttpOnly ipa: DEBUG: stderr= ipa: DEBUG: found session_cookie in persistent storage for principal 'admin', cookie: 'ipa_session=d926cf4ec250b4f89ff356fcb3b86b2f; Domain=ipa.test-csbi-its.ru; Path=/ipa; Expires=Fri, 26 Sep 2014 07:56:33 GMT; Secure; HttpOnly' ipa: DEBUG: deleting session data for principal 'admin': cookie named 'ipa_session'; expired at Fri, 26 Sep 2014 07:56:33 GMT' ipa: DEBUG: Starting external process ipa: DEBUG: args=keyctl search @s user ipa_session_cookie:admin ipa: DEBUG: Process finished, return code=0 ipa: DEBUG: stdout=483410910 ipa: DEBUG: stderr= ipa: DEBUG: Starting external process ipa: DEBUG: args=keyctl unlink 483410910 @s ipa: DEBUG: Process finished, return code=0 ipa: DEBUG: stdout= ipa: DEBUG: stderr= ipa: INFO: trying https://ipa.test-csbi-its.ru/ipa/xml ipa: DEBUG: Created connection context.xmlclient Active directory domain administrator's password: ipa: DEBUG: raw: trust_add(u'csbigroup.ru', trust_type=u'ad', realm_admin=u'test777', realm_passwd=u'********', all=False, raw=False, version=u'2.65') ipa: DEBUG: trust_add(u'csbigroup.ru', trust_type=u'ad', realm_admin=u'test777', realm_passwd=u'********', all=False, raw=False, version=u'2.65') ipa: INFO: Forwarding 'trust_add' to server 'https://ipa.test-csbi-its.ru/ipa/xml' ipa: DEBUG: NSSConnection init ipa.test-csbi-its.ru ipa: DEBUG: Connecting: 192.168.160.18:0 ipa: DEBUG: auth_certificate_callback: check_sig=True is_server=False Data: Version: 3 (0x2) Serial Number: 9 (0x9) Signature Algorithm: Algorithm: PKCS #1 SHA-256 With RSA Encryption Issuer: CN=Certificate Authority,O=TEST-CSBI-ITS.RU Validity: Not Before: Thu Sep 25 14:01:24 2014 UTC Not After: Sun Sep 25 14:01:24 2016 UTC Subject: CN=ipa.test-csbi-its.ru,O=TEST-CSBI-ITS.RU Subject Public Key Info: Public Key Algorithm: Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: bd:5c:6d:e0:24:d8:a1:fb:ae:cb:28:c1:f3:69:73:c2: 36:07:ce:f3:2c:b2:20:4f:0f:21:27:de:5b:87:0c:f5: 6f:83:b8:58:79:6a:b9:0d:ee:83:58:d8:fd:74:98:5e: 6c:41:f8:91:4f:09:3c:4e:49:7e:ba:55:19:d0:f8:06: c3:2d:c1:bf:0a:50:73:82:8d:2e:10:c5:87:24:d3:fe: 6f:e1:d3:04:df:79:51:05:cd:a4:1d:a3:2b:64:10:52: 25:05:73:b4:1f:e3:a4:7a:9e:8c:cc:40:b9:83:b2:1f: 4c:88:f1:66:22:8c:95:d3:b3:10:59:88:9d:93:ed:15: a6:9a:ef:e6:bf:ed:7a:bd:0b:1c:fc:59:7f:d3:84:20: 0c:d1:4c:68:38:8e:71:af:7c:ff:32:7b:e8:1e:5d:38: c3:1b:61:a5:9f:3d:b9:ab:fb:6f:a1:e5:5f:7c:f7:52: 80:b2:10:5d:41:cc:e3:a1:76:1a:3c:fc:93:b4:c9:85: f2:20:dd:5f:cb:df:95:aa:0c:d3:83:e8:51:1f:63:61: 2d:93:a5:53:b4:c5:b6:17:9b:f7:f4:1b:15:6a:f6:4f: 95:f2:10:2e:2a:f5:cf:c0:fc:2a:d8:48:76:f1:b1:5b: ed:24:84:2a:b0:57:c5:62:b5:04:bf:e2:fd:c6:a2:f9 Exponent: 65537 (0x10001) Signed Extensions: (6) Name: Certificate Authority Key Identifier Critical: False Key ID: 06:ae:86:71:4f:07:4e:57:1c:73:25:e0:71:f8:d7:dc: e0:06:36:c7 Serial Number: None General Names: [0 total] Name: Authority Information Access Critical: False Authority Information Access: [1 total] Info [1]: Method: PKIX Online Certificate Status Protocol Location: URI: http://ipa-ca.test-csbi-its.ru/ca/ocsp Name: Certificate Key Usage Critical: True Usages: Digital Signature Non-Repudiation Key Encipherment Data Encipherment Name: Extended Key Usage Critical: False Usages: TLS Web Server Authentication Certificate TLS Web Client Authentication Certificate Name: CRL Distribution Points Critical: False CRL Distribution Points: [1 total] Point [1]: General Names: [1 total] http://ipa-ca.test-csbi-its.ru/ipa/crl/MasterCRL.bin Issuer: Directory Name: CN=Certificate Authority,O=ipaca Reasons: () Name: Certificate Subject Key ID Critical: False Data: 2e:ee:c0:3f:cd:7d:f3:f3:7f:21:09:9a:58:79:62:cf: e4:5d:03:af Signature: Signature Algorithm: Algorithm: PKCS #1 SHA-256 With RSA Encryption Signature: 93:89:c8:50:74:e5:c2:f4:4b:9d:79:74:6a:24:da:c6: dc:77:94:2b:bb:84:86:2e:ac:7d:09:76:29:17:1c:6b: bb:d2:93:d2:81:a3:93:68:9c:a6:78:ae:48:6e:79:47: 56:92:80:5e:79:88:18:8b:30:0f:a1:1a:f7:a2:f0:f3: fd:3f:e8:83:a7:5b:f2:f9:e1:6c:65:b7:f9:f0:fb:2d: 1d:85:44:24:74:97:32:cd:8d:db:6f:f4:c6:18:93:fc: 3a:55:2f:e5:61:f4:3e:7f:50:15:50:bd:fa:0a:66:0f: 3c:7e:af:29:76:62:60:cb:f1:0a:b9:91:00:1f:53:77: b4:b9:3d:60:13:98:2d:d7:fb:44:f4:e8:d4:e8:61:d4: 62:1c:00:a4:de:39:b8:cf:7d:64:3d:de:9c:ca:1c:ae: a2:46:f2:a1:da:92:15:0a:ff:31:40:81:bd:97:eb:a7: 7f:00:09:06:69:1b:cf:40:5c:00:d5:3a:12:d3:ba:30: 51:55:9c:ba:1a:7a:65:fc:30:8c:d3:bb:57:07:90:0a: c3:27:62:fd:2a:b0:94:0a:0b:e7:cc:42:22:fb:85:63: 00:3f:d2:80:61:a9:0d:f3:42:1b:3e:d8:25:72:58:b6: 5b:d2:44:89:7b:0e:03:68:34:d1:30:8d:d1:25:c2:55 Fingerprint (MD5): 48:ae:03:93:5d:8c:ea:bb:d2:e0:8c:b9:55:37:2f:c0 Fingerprint (SHA1): 95:bb:0b:d0:d5:69:bd:62:e5:ee:d4:56:74:3b:f4:1e: f3:1b:29:75 ipa: DEBUG: approved_usage = SSL Server intended_usage = SSL Server ipa: DEBUG: cert valid True for "CN=ipa.test-csbi-its.ru,O=TEST-CSBI-ITS.RU" ipa: DEBUG: handshake complete, peer = 192.168.160.18:443 ipa: DEBUG: received Set-Cookie 'ipa_session=950b5cfd6c7837ce3b2e6c2251e28b84; Domain=ipa.test-csbi-its.ru; Path=/ipa; Expires=Mon, 29 Sep 2014 06:40:34 GMT; Secure; HttpOnly' ipa: DEBUG: storing cookie 'ipa_session=950b5cfd6c7837ce3b2e6c2251e28b84; Domain=ipa.test-csbi-its.ru; Path=/ipa; Expires=Mon, 29 Sep 2014 06:40:34 GMT; Secure; HttpOnly' for principal admin ipa: DEBUG: Starting external process ipa: DEBUG: args=keyctl search @s user ipa_session_cookie:admin ipa: DEBUG: Process finished, return code=1 ipa: DEBUG: stdout= ipa: DEBUG: stderr=keyctl_search: Required key not available ipa: DEBUG: Starting external process ipa: DEBUG: args=keyctl search @s user ipa_session_cookie:admin ipa: DEBUG: Process finished, return code=1 ipa: DEBUG: stdout= ipa: DEBUG: stderr=keyctl_search: Required key not available ipa: DEBUG: Starting external process ipa: DEBUG: args=keyctl padd user ipa_session_cookie:admin @s ipa: DEBUG: Process finished, return code=0 ipa: DEBUG: stdout=710519041 ipa: DEBUG: stderr= ipa: DEBUG: Caught fault 4001 from server https://ipa.test-csbi-its.ru/ipa/xml: Cannot find specified domain or server name ipa: DEBUG: Destroyed connection context.xmlclient ipa: ERROR: Cannot find specified domain or server name
[2014/09/29 10:18:49.943129, 0, pid=49071, effective(0, 0), real(0, 0)] ../source3/lib/util_sock.c:423(open_socket_in) open_socket_in(): socket() call failed: Address family not supported by protocol [2014/09/29 10:18:49.943252, 0, pid=49071, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:636(create_tcpip_socket) Failed to create socket on port 0! You have disabled IPv6 stack support in your kernel. IPv6 stack support is required by Samba. Read http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup#IPv6_stack_usage for details and configure your system accordingly.
Thanks! The problem is solved!