Trustdomains are missing unless trust-fetch-domains is called:
trust-fetch-domains
# echo Secret123456 | ipa trust-add tbad.example.com --admin "TBAD\Administrator" --password
------------------------------------------------------------------------
Added Active Directory trust for realm "tbad.example.com"
------------------------------------------------------------------------
  Realm name: tbad.example.com
  Domain NetBIOS name: TBAD
  Domain Security Identifier: S-1-5-21-2997650941-1802118864-3094776726
  SID blacklist incoming: S-1-0, S-1-1, S-1-2, S-1-3, S-1-5-1, S-1-5-2, S-1-5-3, S-1-5-4, S-1-5-5, S-1-5-6, S-1-5-7, S-1-5-8, S-1-5-9, S-1-5-10, S-1-5-11, S-1-5-12, S-1-5-13, S-1-5-14, S-1-5-15, S-1-5-16, S-1-5-17, S-1-5-18, S-1-5-19, S-1-5-20
  SID blacklist outgoing: S-1-0, S-1-1, S-1-2, S-1-3, S-1-5-1, S-1-5-2, S-1-5-3, S-1-5-4, S-1-5-5, S-1-5-6, S-1-5-7, S-1-5-8, S-1-5-9, S-1-5-10, S-1-5-11, S-1-5-12, S-1-5-13, S-1-5-14, S-1-5-15, S-1-5-16, S-1-5-17, S-1-5-18, S-1-5-19, S-1-5-20
  Trust direction: Two-way trust
  Trust type: Active Directory domain
  Trust status: Established and verified

# ipa trustdomain-find tbad.example.com
  Domain name: tbad.example.com
  Domain NetBIOS name: TBAD
  Domain Security Identifier: S-1-5-21-2997650941-1802118864-3094776726
  Domain enabled: True
----------------------------
Number of entries returned 1
----------------------------

# ipa trust-fetch-domains tbad.example.com
--------------------------------------------
List of trust domains successfully refreshed
--------------------------------------------
  Realm name: child.tbad.example.com
  Domain NetBIOS name: CHILD
  Domain Security Identifier: S-1-5-21-972585150-1048339146-1910910075
----------------------------
Number of entries returned 1
----------------------------

# ipa trustdomain-find tbad.example.com
  Domain name: child.tbad.example.com
  Domain NetBIOS name: CHILD
  Domain Security Identifier: S-1-5-21-972585150-1048339146-1910910075
  Domain enabled: True

  Domain name: tbad.example.com
  Domain NetBIOS name: TBAD
  Domain Security Identifier: S-1-5-21-2997650941-1802118864-3094776726
  Domain enabled: True
----------------------------
Number of entries returned 2
----------------------------
Starting review
We will need to fix this in 3.3 branch.
master:
41ca5af trust: make sure we always discover topology of the forest trust
ipa-3-3:
906b60e trust: make sure we always discover topology of the forest trust
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1070925
Metadata Update from @mkosek: - Issue assigned to abbra - Issue set to the milestone: FreeIPA 3.3.5 (bug fixing)