Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1123405
Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.
This is the command and error message: # ipa trust-add --type ad EXAMPLE.COM --trust-secret Shared secret for the trust: ipa: ERROR: Cannot find specified domain or server name Grepping out server_type's so you can see all versions it tries: finddcs: Skipping DC x.x.x.x with server_type=0x0000317d - required 0x0000008c finddcs: Skipping DC y.y.y.y with server_type=0x0000317c - required 0x0000008c finddcs: Skipping DC z.z.z.z.z with server_type=0x0000317c - required 0x0000008c ... Version-Release number of selected component (if applicable): N/A How reproducible: This depend on AD configuration Additional info: 14:54 <ab> we ask for a closest LDAP and Global Catalog server but this server we are getting is not the closes one 14:54 <ab> and no other one is given so it fails 14:54 <ab> result = None 14:54 <ab> try: 14:54 <ab> result = netrc.finddc(domain=domain, flags=nbt.NBT_SERVER_LDAP | nbt.NBT_SERVER_GC | nbt.NBT_SERVER_CLOSEST) 14:54 <ab> except RuntimeError, e: 14:54 <ab> finddc_error = e 14:54 <ab> and in the trace: 14:55 <ab> server_type : 0x0000317c (12668) 0: NBT_SERVER_PDC 1: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 1: NBT_SERVER_TIMESERV 0: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 0: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 1: NBT_SERVER_ADS_WEB_SERVICE 0: NBT_SERVER_HAS_DNS_NAME 0: NBT_SERVER_IS_DEFAULT_NC 0: NBT_SERVER_FOREST_ROOT 14:57 <ab> from AD side DC should return information about available DCs and tell which one is closest in network topology 14:58 <ab> then we pick it up 14:58 <ab> since there isn't any, we miss this one 14:58 <ab> so we probably need to make a fallback too
When no closest server is returned from the discovery, we need to retry and ask for any AD server.
master:
ipa-4-1:
ipa-4-0:
ipa-3-3:
Metadata Update from @mkosek: - Issue assigned to abbra - Issue set to the milestone: FreeIPA 4.0.2
Login to comment on this ticket.