Hello, 

I am trying to configure a trust between a FreeIPA domain and Active Directory. They 
are both in different domains (IPA domain: ipadev.test.local, AD domain: 
iam.intern) and use external DNS. I have configured/verified all 
prerequisites, but when I run the ipa trust-add command, I get the following error:

ipa: ERROR: AD domain controller complains about communication sequence. It may 
mean unsynchronized time on both sides, for example

I have enabled debug for Samba, but I cannot make much sense of the debug 
information in error.log:

s4_tevent: Added timed event "composite_trigger": 0x7f9324240e30
s4_tevent: Ending timer event 0x7f932424ed50 "composite_trigger"
s4_tevent: Running timer event 0x7f9324240e30 "composite_trigger"
s4_tevent: Ending timer event 0x7f9324240e30 "composite_trigger"
s4_tevent: Added timed event "connect_multi_timer": 0x7f9324240cc0
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7f9324403310
s4_tevent: Run immediate event "tevent_req_trigger": 0x7f9324403310
s4_tevent: Destroying timer event 0x7f9324240cc0 "connect_multi_timer"
Socket options:
        SO_KEEPALIVE = 0
        SO_REUSEADDR = 0
        SO_BROADCAST = 0
        TCP_NODELAY = 1
        TCP_KEEPCNT = 9
        TCP_KEEPIDLE = 300
        TCP_KEEPINTVL = 75
        IPTOS_LOWDELAY = 0
        IPTOS_THROUGHPUT = 0
        SO_REUSEPORT = 0
        SO_SNDBUF = 2626560
        SO_RCVBUF = 1061808
        SO_SNDLOWAT = 1
        SO_RCVLOWAT = 1
        SO_SNDTIMEO = 0
        SO_RCVTIMEO = 0
        TCP_QUICKACK = 1
        TCP_DEFER_ACCEPT = 0
s4_tevent: Added timed event "tevent_req_timedout": 0x7f932424ed50
s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f9324240cc0
s4_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f9324240cc0
s4_tevent: Destroying timer event 0x7f932424ed50 "tevent_req_timedout"
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7f932425c370
s4_tevent: Run immediate event "tevent_req_trigger": 0x7f932425c370
s4_tevent: Added timed event "tevent_req_timedout": 0x7f9324016970
Starting GENSEC mechanism spnego
SPNEGO: Could not find a suitable mechtype in NEG_TOKEN_INIT
s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7f9324403310
s4_tevent: Run immediate event "tevent_req_trigger": 0x7f9324403310
s4_tevent: Destroying timer event 0x7f9324016970 "tevent_req_timedout"
s4_tevent: Destroying timer event 0x7f932401f730 "dcerpc_connect_timeout_handler"
[Tue Mar 09 09:51:12.685725 2021] [wsgi:error] [pid 29053:tid 140270172727040] [remote 10.30.214.119:36488] ipa: INFO: [jsonserver_session] cifs/ipadev01.test.lo...@ipadev.test.LOCAL: trust_add/1(u'IAM.INTERN', trust_type=u'ad', realm_admin=u'admin', realm_passwd=u'********', realm_server=u'10.30.201.46', version=u'2.232'): RemoteRetrieveError

Any idea what I should look into?