freeipa

Clone
Source Code
GIT

#6057 adding two way non transitive(external) trust displays internal error on the console
Closed: Fixed None Opened 8 years ago by pvoborni.

Closed: Fixed
Reopen Issue

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1355753

Created attachment 1178890
error log

Description of problem: adding two way transitive trust gives internal error on
the console


Version-Release number of selected component (if applicable):
ipa-server-trust-ad-4.4.0-1.el7.x86_64
ipa-server-dns-4.4.0-1.el7.noarch
ipa-server-common-4.4.0-1.el7.noarch
ipa-server-4.4.0-1.el7.x86_64


How reproducible: Always.

Steps to Reproduce:
1. Install ipa-server
2. ipa-adtrust-install
3. add forward-zone for the domain to be trusted.
4. now add two-way trust

[root@server]# ipa trust-add test.qa --external='true' --two-way=true

Actual results:

[root@server]# ipa trust-add test.qa --external='true' --two-way=true
Active Directory domain administrator: administrator
Active Directory domain administrator's password:
ipa: ERROR: an internal error has occurred

[root@server ~]# ipa trust-find
---------------
1 trust matched
---------------
  Realm name: test.qa
  Domain NetBIOS name: TEST
  Domain Security Identifier: S-1-5-21-4204873575-1158510886-1449965812
  Trust type: Non-transitive external trust to a domain in another Active
Directory forest
----------------------------
Number of entries returned 1
----------------------------

[root@server ~]# ipa idrange-find
----------------
2 ranges matched
----------------
  Range name: TEST.QA_id_range
  First Posix ID of the range: 330800000
  Number of IDs in the range: 200000
  First RID of the corresponding RID range: 0
  Domain SID of the trusted domain: S-1-5-21-4204873575-1158510886-1449965812
  Range type: Active Directory domain range

  Range name: TESTRELM.TEST_id_range
  First Posix ID of the range: 160600000
  Number of IDs in the range: 200000
  First RID of the corresponding RID range: 1000
  First RID of the secondary RID range: 100000000
  Range type: local domain range
----------------------------
Number of entries returned 2
----------------------------

Expected results:
Although the trust gets added successfully the message
displayed on the console should be fixed.

Additional info: Attaching httpd error_log file

master:

  • 33f8685 Always fetch forest info from root DCs when establishing two-way trust
  • c789b17 factor out populate_remote_domain method into module-level function
  • 4ca6717 Always fetch forest info from root DCs when establishing one-way trust

ipa-4-4:

  • 58513d3 Always fetch forest info from root DCs when establishing two-way trust
  • 034b78e factor out populate_remote_domain method into module-level function
  • a532edf Always fetch forest info from root DCs when establishing one-way trust

Metadata Update from @pvoborni:
- Issue assigned to mbabinsk
- Issue set to the milestone: FreeIPA 4.4.2
8 years ago

Log in to comment on this ticket.

Metadata
None
None
None
important
None
None
None
None
defect
None
None
Trusts
None
https://github.com/freeipa/freeipa/pull/46
None
None
abbra
None
None
None
None
Powered by Pagure 5.14.1
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.