#3828 CIFS denied credentials when establishing trust
Opened 9 years ago by mkosek. Modified 4 years ago

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 988473

Created attachment 778387
smbd logs

Description of problem:

When establishing a trust with:

ipa trust-add --all --type=ad addomain.com --admin='my.name' --password
--base-id=791200000 --range-size=200000

The trust setup fails, printing the following error:
ipa: DEBUG: Caught fault 2100 from server https://ipa.ipadomain.com/ipa/xml:
Insufficient access: CIFS server denied your credentials
ipa: DEBUG: Destroyed connection context.xmlclient
ipa: ERROR: Insufficient access: CIFS server denied your credentials

Version-Release number of selected component (if applicable):
ipa-server-3.0.0-26.el6_4.2.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Create user in a group that has all privileges selected
2. Use this user to create a trust
3.

Actual results:

Above error

Expected results:

Trust created

Additional info:

I've attached samba logs at level 11 and the apache logs.

Corrective action: the Trusted Admin group needs a SID and that SID neds to be made so samba will trate it as allowed to create trusted domains.


3.4 development was shifted for one month, moving tickets to reflect reality better.

Adjusting time plan - 3.4 development was postponed as we focused on 3.3.x testing and stabilization.

Adjusting time plan - 3.4 development was postponed as we focused on 3.3.x testing and stabilization.

This ticket was not addressed in 4.0 timeframe, moving to 4.1.

There was no time for this bug in 4.1 - moving out.

Processing 4.2 backlog. This ticket was found as something that is not a priority for the nearest releases.

But as usual, please feel free to discuss your use cases or contribute patches, to make that happen sooner!

Metadata Update from @mkosek:
- Issue assigned to someone
- Issue set to the milestone: Future Releases

5 years ago

Add a healthcheck check for RID 512 assigned to 'admins' group.

Metadata Update from @rcritten:
- Issue close_status updated to: None
- Issue tagged with: healthcheck

4 years ago

Login to comment on this ticket.

Metadata