Note: This bug is displayed in read-only format because
the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
If configured, the Active Directory (AD) DNS server returns IPv4 and IPv6 addresses of an AD server. If the FreeIPA server cannot connect to the AD server with an IPv6 address, running the ipa trust-add command will fail even if it would be possible to use IPv4. To work around this problem, add the IPv4 address of the AD server to the /etc/hosts file. In this case, the FreeIPA server will use only the IPv4 address and executing ipa trust-add will be successful.
Description of problem:
Can't add a trust to an AD domain in IPA. This is for a trust that's established on other IPA servers for separate test domains already.
# ipa trust-add adlab.qe --admin Administrator --password --type=ad
Active directory domain administrator's password:
ipa: ERROR: CIFS server communication error: code "-1073741801",
message "Memory allocation error" (both may be "None")
Version-Release number of selected component (if applicable):
ipa-server-trust-ad-3.0.0-8.el6.x86_64
samba4-winbind-clients-4.0.0-44.el6.rc4.x86_64
samba4-common-4.0.0-44.el6.rc4.x86_64
samba4-libs-4.0.0-44.el6.rc4.x86_64
samba4-python-4.0.0-44.el6.rc4.x86_64
samba4-4.0.0-44.el6.rc4.x86_64
samba4-client-4.0.0-44.el6.rc4.x86_64
samba4-winbind-4.0.0-44.el6.rc4.x86_64
How reproducible:
unknown. I've only seen this on the one server so far.
Steps to Reproduce:
1. Setup IPA/AD servers
2. ipa-adtrust-install
3. ipa trust-add <AD domain> --admin Administrator --password --type=ad
Actual results:
[root@mgmt8 ~]# ipa trust-add adlab.qe --admin Administrator --password --type=ad
Active directory domain administrator's password:
ipa: ERROR: CIFS server communication error: code "-1073741801",
message "Memory allocation error" (both may be "None")
Expected results:
No error and trust is setup correctly.
Additional info:
Comment 3Alexander Bokovoy
2012-11-20 09:59:25 UTC
It would be good to see logs taken from the affected system.
1. Add 'log level = 11' to /usr/share/ipa/smb.conf.empty
2. Retry.
I've seen this error only once when the AD server wasn't able to resolve the IPA domain. If this is not the case in your setup maybe the AD server is confused in other way, maybe a reboot of the AD server helps?
Created attachment 648789[details]
samba logs
I tried adding log level to the smb.conf.empty but, didn't seem to change it. So, I just changed it with net conf.
This is pretty much all I saw.
Comment 7Alexander Bokovoy
2012-11-20 21:36:41 UTC
No, please follow my request in comment 3. The resulting log is within /var/log/httpd/error_log (i.e. IPA web server log).
Comment 10Alexander Bokovoy
2012-11-21 05:52:07 UTC
Comment on attachment 648906[details]
http error_log
Looking at the log I can see that AD DC never answers back to our attempt to connect to it with ncacn_np:win2k8r2.adlab.qe[,] connection string (SMB RPC connection, http://msdn.microsoft.com/en-us/library/cc243786%28v=prot.20%29.aspx).
It most likely means that it doesn't know how to route properly traffic back to us. Compare this communication with previous one directed to our own server, starting with "Using binding ncacn_np:mgmt8.ipa2.example.com[,]".
Comment 11Alexander Bokovoy
2013-02-18 09:58:37 UTC
(In reply to Ann Marie Rubin from comment #24)
> Can this bug be closed? Does anything need to be documented?
I would prefer to keep this bug open, because it tracks a samba upstream issue which we might want to include in RHEL if fixed upstream.
About documentation, maybe Nirupama would like to write a knowledge-base article about how she fixed her setup to get arround the issue?
Comment 27Eliska Slobodova
2013-06-26 12:09:49 UTC
Closing; the known issue has been added to the book.
Description of problem: Can't add a trust to an AD domain in IPA. This is for a trust that's established on other IPA servers for separate test domains already. # ipa trust-add adlab.qe --admin Administrator --password --type=ad Active directory domain administrator's password: ipa: ERROR: CIFS server communication error: code "-1073741801", message "Memory allocation error" (both may be "None") Version-Release number of selected component (if applicable): ipa-server-trust-ad-3.0.0-8.el6.x86_64 samba4-winbind-clients-4.0.0-44.el6.rc4.x86_64 samba4-common-4.0.0-44.el6.rc4.x86_64 samba4-libs-4.0.0-44.el6.rc4.x86_64 samba4-python-4.0.0-44.el6.rc4.x86_64 samba4-4.0.0-44.el6.rc4.x86_64 samba4-client-4.0.0-44.el6.rc4.x86_64 samba4-winbind-4.0.0-44.el6.rc4.x86_64 How reproducible: unknown. I've only seen this on the one server so far. Steps to Reproduce: 1. Setup IPA/AD servers 2. ipa-adtrust-install 3. ipa trust-add <AD domain> --admin Administrator --password --type=ad Actual results: [root@mgmt8 ~]# ipa trust-add adlab.qe --admin Administrator --password --type=ad Active directory domain administrator's password: ipa: ERROR: CIFS server communication error: code "-1073741801", message "Memory allocation error" (both may be "None") Expected results: No error and trust is setup correctly. Additional info: