#6057 adding two way non transitive(external) trust displays internal error on the console
Closed: Fixed None Opened 7 years ago by pvoborni.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1355753

Created attachment 1178890
error log

Description of problem: adding two way transitive trust gives internal error on
the console


Version-Release number of selected component (if applicable):
ipa-server-trust-ad-4.4.0-1.el7.x86_64
ipa-server-dns-4.4.0-1.el7.noarch
ipa-server-common-4.4.0-1.el7.noarch
ipa-server-4.4.0-1.el7.x86_64


How reproducible: Always.

Steps to Reproduce:
1. Install ipa-server
2. ipa-adtrust-install
3. add forward-zone for the domain to be trusted.
4. now add two-way trust

[root@server]# ipa trust-add test.qa --external='true' --two-way=true

Actual results:

[root@server]# ipa trust-add test.qa --external='true' --two-way=true
Active Directory domain administrator: administrator
Active Directory domain administrator's password:
ipa: ERROR: an internal error has occurred

[root@server ~]# ipa trust-find
---------------
1 trust matched
---------------
  Realm name: test.qa
  Domain NetBIOS name: TEST
  Domain Security Identifier: S-1-5-21-4204873575-1158510886-1449965812
  Trust type: Non-transitive external trust to a domain in another Active Directory forest
----------------------------
Number of entries returned 1
----------------------------

[root@server ~]# ipa idrange-find
----------------
2 ranges matched
----------------
  Range name: TEST.QA_id_range
  First Posix ID of the range: 330800000
  Number of IDs in the range: 200000
  First RID of the corresponding RID range: 0
  Domain SID of the trusted domain: S-1-5-21-4204873575-1158510886-1449965812
  Range type: Active Directory domain range

  Range name: TESTRELM.TEST_id_range
  First Posix ID of the range: 160600000
  Number of IDs in the range: 200000
  First RID of the corresponding RID range: 1000
  First RID of the secondary RID range: 100000000
  Range type: local domain range
----------------------------
Number of entries returned 2
----------------------------

Expected results:
Although the trust gets added successfully, the message
displayed on the console should be fixed.

Additional info: Attaching httpd error_log file

master:

  • 33f8685 Always fetch forest info from root DCs when establishing two-way trust
  • c789b17 factor out populate_remote_domain method into module-level function
  • 4ca6717 Always fetch forest info from root DCs when establishing one-way trust

ipa-4-4:

  • 58513d3 Always fetch forest info from root DCs when establishing two-way trust
  • 034b78e factor out populate_remote_domain method into module-level function
  • a532edf Always fetch forest info from root DCs when establishing one-way trust

Metadata Update from @pvoborni:
- Issue assigned to mbabinsk
- Issue set to the milestone: FreeIPA 4.4.2

7 years ago
