Hello, I am trying to configure a trust between a FreeIPA domain and Active Directory. They are both in different domains (IPA domain: ipadev.test.local, AD domain: iam.intern) and use external DNS. I have configured/verified all prerequisites, but when I run the ipa trust-add command, I get the following error:

ipa: ERROR: AD domain controller complains about communication sequence. It may mean unsynchronized time on both sides, for example

I have enabled debug for Samba, but I cannot make much sense of the debug information in error.log:

s4_tevent: Added timed event "composite_trigger": 0x7f9324240e30
s4_tevent: Ending timer event 0x7f932424ed50 "composite_trigger"
s4_tevent: Running timer event 0x7f9324240e30 "composite_trigger"
s4_tevent: Ending timer event 0x7f9324240e30 "composite_trigger"
s4_tevent: Added timed event "connect_multi_timer": 0x7f9324240cc0
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7f9324403310
s4_tevent: Run immediate event "tevent_req_trigger": 0x7f9324403310
s4_tevent: Destroying timer event 0x7f9324240cc0 "connect_multi_timer"
Socket options:
    SO_KEEPALIVE = 0
    SO_REUSEADDR = 0
    SO_BROADCAST = 0
    TCP_NODELAY = 1
    TCP_KEEPCNT = 9
    TCP_KEEPIDLE = 300
    TCP_KEEPINTVL = 75
    IPTOS_LOWDELAY = 0
    IPTOS_THROUGHPUT = 0
    SO_REUSEPORT = 0
    SO_SNDBUF = 2626560
    SO_RCVBUF = 1061808
    SO_SNDLOWAT = 1
    SO_RCVLOWAT = 1
    SO_SNDTIMEO = 0
    SO_RCVTIMEO = 0
    TCP_QUICKACK = 1
    TCP_DEFER_ACCEPT = 0
s4_tevent: Added timed event "tevent_req_timedout": 0x7f932424ed50
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f9324240cc0
s4_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f9324240cc0
s4_tevent: Destroying timer event 0x7f932424ed50 "tevent_req_timedout"
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7f932425c370
s4_tevent: Run immediate event "tevent_req_trigger": 0x7f932425c370
s4_tevent: Added timed event "tevent_req_timedout": 0x7f9324016970
Starting GENSEC mechanism spnego
SPNEGO: Could not find a suitable mechtype in NEG_TOKEN_INIT
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7f9324403310
s4_tevent: Run immediate event "tevent_req_trigger": 0x7f9324403310
s4_tevent: Destroying timer event 0x7f9324016970 "tevent_req_timedout"
s4_tevent: Destroying timer event 0x7f932401f730 "dcerpc_connect_timeout_handler"
[Tue Mar 09 09:51:12.685725 2021] [wsgi:error] [pid 29053:tid 140270172727040] [remote 10.30.214.119:36488] ipa: INFO: [jsonserver_session] cifs/ipadev01.test.lo...@ipadev.test.LOCAL: trust_add/1(u'IAM.INTERN', trust_type=u'ad', realm_admin=u'admin', realm_passwd=u'********', realm_server=u'10.30.201.46', version=u'2.232'): RemoteRetrieveError

Any idea what I should look into?