Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 988473
Created attachment 778387
Description of problem:
When establishing a trust with:
ipa trust-add --all --type=ad addomain.com --admin='my.name' --password
The trust setup fails, printing the following error:
ipa: DEBUG: Caught fault 2100 from server https://ipa.ipadomain.com/ipa/xml:
Insufficient access: CIFS server denied your credentials
ipa: DEBUG: Destroyed connection context.xmlclient
ipa: ERROR: Insufficient access: CIFS server denied your credentials
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Create user in a group that has all privileges selected
2. Use this user to create a trust
I've attached samba logs at level 11 and the apache logs.
Corrective action: the Trusted Admin group needs a SID and that SID neds to be made so samba will trate it as allowed to create trusted domains.
3.4 development was shifted for one month, moving tickets to reflect reality better.
Adjusting time plan - 3.4 development was postponed as we focused on 3.3.x testing and stabilization.
This ticket was not addressed in 4.0 timeframe, moving to 4.1.
There was no time for this bug in 4.1 - moving out.
Processing 4.2 backlog. This ticket was found as something that is not a priority for the nearest releases.
But as usual, please feel free to discuss your use cases or contribute patches, to make that happen sooner!
Metadata Update from @mkosek:
- Issue assigned to someone
- Issue set to the milestone: Future Releases
Add a healthcheck check for RID 512 assigned to 'admins' group.
Metadata Update from @rcritten:
- Issue close_status updated to: None
- Issue tagged with: healthcheck
to comment on this ticket.