freeipa

Clone
Source Code
GIT

#6076 Mulitple domain Active Directory Trust conflict
Closed: Fixed None Opened 7 years ago by pvoborni.

Closed: Fixed
Reopen Issue

A multi-forest trust issue.

Steps to reproduce:
1. Remove conflicting trusts to forests A and B -- do this on AD and IPA sides
done

  1. Establish trust with forest A

    [root@ipa ~]# ipa trust-add --type=ad ADEXAMPLE.TEST
    Active Directory domain administrator: fooadmin
    Active Directory domain administrator's password:
    ...
    Trust status: Established and verified

  2. Run oddjob_request for forest A
    Attached

  3. Remove trust to forest A both on AD and IPA sides
    Deleted on AD side

    [root@ipa ~]# ipa trust-del ADEXAMPLE.TEST

    Deleted trust "ADEXAMPLE.TEST"

  4. Establish trust with forest B

    [root@sv66850 ~]# ipa trust-add --type=ad OTHERAD.TEST
    Active Directory domain administrator: fooadmin
    Active Directory domain administrator's password:
    ...
    Trust status: Established and verified

  5. Run oddjob_request for forest B
    Attached

Additional info:

The issue is related to TLM forest information handling as well as IPA Token
Handling in a trust.

4.3.2 was released, moving to 4.3.3

master:

  • c547d55 ipaserver/dcerpc: reformat to make the code closer to pep8
  • 6332cb3 trust: automatically resolve DNS trust conflicts for triangle trusts

ipa-4-3:

  • bc6990e ipaserver/dcerpc: reformat to make the code closer to pep8
  • 324d5aa trust: automatically resolve DNS trust conflicts for triangle trusts

Metadata Update from @pvoborni:
- Issue assigned to abbra
- Issue set to the milestone: FreeIPA 4.3.3
6 years ago

Login to comment on this ticket.

Metadata
None
None
None
important
None
None
None
None
defect
None
None
Trusts
None
0
None
None
None
None
https://bugzilla.redhat.com/show_bug.cgi?id=1348560
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.