#6076 Multiple domain Active Directory Trust conflict
Closed: Fixed. Opened 7 years ago by pvoborni.

A multi-forest trust issue.

Steps to reproduce:
1. Remove conflicting trusts to forests A and B -- do this on AD and IPA sides
    done

  1. Establish trust with forest A

    [root@ipa ~]# ipa trust-add --type=ad ADEXAMPLE.TEST
    Active Directory domain administrator: fooadmin
    Active Directory domain administrator's password:
    ...
    Trust status: Established and verified

  2. Run oddjob_request for forest A
    Attached

  3. Remove trust to forest A both on AD and IPA sides
    Deleted on AD side

    [root@ipa ~]# ipa trust-del ADEXAMPLE.TEST

    Deleted trust "ADEXAMPLE.TEST"

  4. Establish trust with forest B

    [root@sv66850 ~]# ipa trust-add --type=ad OTHERAD.TEST
    Active Directory domain administrator: fooadmin
    Active Directory domain administrator's password:
    ...
    Trust status: Established and verified

  5. Run oddjob_request for forest B
    Attached

Additional info:

The issue is related to TLM forest information handling as well as IPA Token
Handling in a trust.


4.3.2 was released, moving to 4.3.3

master:

  • c547d55 ipaserver/dcerpc: reformat to make the code closer to pep8
  • 6332cb3 trust: automatically resolve DNS trust conflicts for triangle trusts

ipa-4-3:

  • bc6990e ipaserver/dcerpc: reformat to make the code closer to pep8
  • 324d5aa trust: automatically resolve DNS trust conflicts for triangle trusts

Metadata Update from @pvoborni:
- Issue assigned to abbra
- Issue set to the milestone: FreeIPA 4.3.3

6 years ago
