#4205 trust-add for POSIX AD does not fetch trustdomains
Closed: Fixed None Opened 10 years ago by mkosek.

Trustdomains are missing unless trust-fetch-domains is called:

# echo Secret123456 | ipa trust-add tbad.example.com --admin "TBAD\Administrator" --password
------------------------------------------------------------------------
Added Active Directory trust for realm "tbad.example.com"
------------------------------------------------------------------------
  Realm name: tbad.example.com
  Domain NetBIOS name: TBAD
  Domain Security Identifier: S-1-5-21-2997650941-1802118864-3094776726
  SID blacklist incoming: S-1-0, S-1-1, S-1-2, S-1-3, S-1-5-1, S-1-5-2, S-1-5-3, S-1-5-4, S-1-5-5,
                          S-1-5-6, S-1-5-7, S-1-5-8, S-1-5-9, S-1-5-10, S-1-5-11, S-1-5-12, S-1-5-13,
                          S-1-5-14, S-1-5-15, S-1-5-16, S-1-5-17, S-1-5-18, S-1-5-19, S-1-5-20
  SID blacklist outgoing: S-1-0, S-1-1, S-1-2, S-1-3, S-1-5-1, S-1-5-2, S-1-5-3, S-1-5-4, S-1-5-5,
                          S-1-5-6, S-1-5-7, S-1-5-8, S-1-5-9, S-1-5-10, S-1-5-11, S-1-5-12, S-1-5-13,
                          S-1-5-14, S-1-5-15, S-1-5-16, S-1-5-17, S-1-5-18, S-1-5-19, S-1-5-20
  Trust direction: Two-way trust
  Trust type: Active Directory domain
  Trust status: Established and verified

# ipa trustdomain-find tbad.example.com
  Domain name: tbad.example.com
  Domain NetBIOS name: TBAD
  Domain Security Identifier: S-1-5-21-2997650941-1802118864-3094776726
  Domain enabled: True
----------------------------
Number of entries returned 1
----------------------------

# ipa trust-fetch-domains tbad.example.com
--------------------------------------------
List of trust domains successfully refreshed
--------------------------------------------
  Realm name: child.tbad.example.com
  Domain NetBIOS name: CHILD
  Domain Security Identifier: S-1-5-21-972585150-1048339146-1910910075
----------------------------
Number of entries returned 1
----------------------------

# ipa trustdomain-find tbad.example.com
  Domain name: child.tbad.example.com
  Domain NetBIOS name: CHILD
  Domain Security Identifier: S-1-5-21-972585150-1048339146-1910910075
  Domain enabled: True

  Domain name: tbad.example.com
  Domain NetBIOS name: TBAD
  Domain Security Identifier: S-1-5-21-2997650941-1802118864-3094776726
  Domain enabled: True
----------------------------
Number of entries returned 2
----------------------------

We will need to fix this in 3.3 branch.

master:
41ca5af trust: make sure we always discover topology of the forest trust

ipa-3-3:
906b60e trust: make sure we always discover topology of the forest trust
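
Added example (not part of the ticket and not FreeIPA code): a check that compares what `ipa trustdomain-find` listed before a refresh with what `ipa trust-fetch-domains` returned, to spot forest domains that `trust-add` left out as in the transcript above. The sample text is copied from that transcript; the function and variable names are hypothetical.

```shell
#!/bin/sh
# Added example, not FreeIPA code. Sample text below is copied from the
# ticket's transcript; function and variable names are hypothetical.

SAMPLE_FIND='  Domain name: tbad.example.com
  Domain NetBIOS name: TBAD
  Domain Security Identifier: S-1-5-21-2997650941-1802118864-3094776726
  Domain enabled: True'

SAMPLE_FETCH='  Realm name: child.tbad.example.com
  Domain NetBIOS name: CHILD
  Domain Security Identifier: S-1-5-21-972585150-1048339146-1910910075'

# Read ipa CLI output on stdin, print sorted unique "domain SID" pairs.
# Handles "Domain name:" (trustdomain-find) and "Realm name:" (trust-fetch-domains).
parse_domains() {
    awk -F': ' '
        /^ *(Domain name|Realm name): / { name = tolower($2); sub(/[ \t\r]+$/, "", name) }
        /^ *Domain Security Identifier: / && name != "" {
            sid = $2; sub(/[ \t\r]+$/, "", sid); print name, sid; name = ""
        }' | sort -u
}

# $1 = output of trustdomain-find taken before the refresh,
# $2 = output of trust-fetch-domains. Prints pairs found only in $2.
missing_domains() {
    known=$(printf '%s\n' "$1" | parse_domains)
    printf '%s\n' "$2" | parse_domains | while read -r name sid; do
        printf '%s\n' "$known" | grep -qxF "$name $sid" || printf '%s %s\n' "$name" "$sid"
    done
}

# Live use on an IPA server with an admin ticket (defined only, not called here).
# Note that trust-fetch-domains itself refreshes the stored list.
check_trust() {
    before=$(ipa trustdomain-find "$1")
    fetched=$(ipa trust-fetch-domains "$1")
    missing_domains "$before" "$fetched"
}

# Demo on the embedded sample: prints the child domain that trust-add left out.
missing_domains "$SAMPLE_FIND" "$SAMPLE_FETCH"
```

Empty output from `check_trust <realm>` means every domain the refresh returned was already listed.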

Metadata Update from @mkosek:
- Issue assigned to abbra
- Issue set to the milestone: FreeIPA 3.3.5 (bug fixing)

7 years ago
