If a trust was created and then we attempt to re-establish it with AD admin credentials that don't have enough privileges, we'll fail -- either at the attempt to delete the previously created trust or at the attempt to create the new trust.
When we delete the existing trust, we silence any exception and don't see NT_STATUS_ACCESS_DENIED, so there will be a name collision when we next create the trust with the same name:
# echo Test1234 | ipa trust-add ad.test --admin abbra --password
ipa: ERROR: CIFS server communication error: code "-1073741771", message "NT_STATUS_OBJECT_NAME_COLLISION" (both may be "None")
The actual cause of this collision is access denial at the trust delete stage, so we need to report a proper error message by catching the proper exception.
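The failure mode described above, reproduced as an added example that is not part of the ticket or of FreeIPA's code: an in-memory stand-in for the AD side shows how a blanket `except` on delete turns an access denial into a misleading name collision, and how re-raising the access-denied status fixes the report. `FakeLsa`, `NTStatusError`, both `reestablish_*` functions and the trust name `ipa.example` are hypothetical.

```python
# Added illustration; all names here are hypothetical, not FreeIPA or Samba code.
NT_STATUS_ACCESS_DENIED = -1073741790          # 0xC0000022 as signed 32-bit
NT_STATUS_OBJECT_NAME_COLLISION = -1073741771  # 0xC0000035, the code in the report

class NTStatusError(Exception):
    def __init__(self, code, name):
        super().__init__(f'code "{code}", message "{name}"')
        self.code, self.name = code, name

class FakeLsa:
    """Simulated AD side: holds trust objects and checks caller privilege."""
    def __init__(self, can_modify):
        self.can_modify = can_modify
        self.trusts = {"ipa.example"}  # constructed: trust left by an earlier run

    def _check(self):
        if not self.can_modify:
            raise NTStatusError(NT_STATUS_ACCESS_DENIED, "NT_STATUS_ACCESS_DENIED")

    def delete_trust(self, name):
        self._check()
        self.trusts.discard(name)

    def create_trust(self, name):
        if name in self.trusts:
            raise NTStatusError(NT_STATUS_OBJECT_NAME_COLLISION,
                                "NT_STATUS_OBJECT_NAME_COLLISION")
        self._check()
        self.trusts.add(name)

def reestablish_silenced(lsa, name):
    """Behaviour the ticket describes: every delete failure is swallowed."""
    try:
        lsa.delete_trust(name)
    except Exception:
        pass  # ACCESS_DENIED is lost here; the stale trust object remains
    lsa.create_trust(name)

def reestablish_reporting(lsa, name):
    """Access denial on delete is surfaced instead of being hidden."""
    try:
        lsa.delete_trust(name)
    except NTStatusError as e:
        if e.code == NT_STATUS_ACCESS_DENIED:
            raise  # assumption: other delete failures stay non-fatal
    lsa.create_trust(name)

def reported_status(func, lsa, name="ipa.example"):
    """Return the NT status name the caller would see, or "OK"."""
    try:
        func(lsa, name)
        return "OK"
    except NTStatusError as e:
        return e.name
```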
Patch is sent for review.
Starting review
master:
ipa-3-3:
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1070926
Metadata Update from @abbra: - Issue assigned to abbra - Issue set to the milestone: FreeIPA 3.3.5 (bug fixing)