Issue #7370: Seeing "ipa: ERROR: an internal error has occurred" during ipa trust-add command - freeipa

freeipa

#7370 Seeing "ipa: ERROR: an internal error has occurred" during ipa trust-add command

Closed: fixed 5 years ago Opened 6 years ago by rcritten.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1533803

Created attachment 1380359
httpd_error_log

Description of problem:
ipa trust-add command is failing after adding dns record.

Version-Release number of selected component (if applicable):
ipa-server-4.5.4-8.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Install IPA server.
2. Establish trust
3. Add dnszone for xyz.test domain
4. create a _kerberos TXT record for xyz.test domain
5. modify realmdomain (ipa realmdomains-mod --add-domain xyz.test)
6. Try to re-establish trust


[root@auto-hv-02-guest06 ~]# echo Secret123 | ipa trust-add ipaad2016.test
--admin Administrator --password
-----------------------------------------------
Re-established trust to domain "ipaad2016.test"
-----------------------------------------------
  Realm name: ipaad2016.test
  Domain NetBIOS name: IPAAD2016
  Domain Security Identifier: S-1-5-21-813110839-3732285123-1597101681
  Trust direction: Trusting forest
  Trust type: Active Directory domain
  Trust status: Established and verified


[root@auto-hv-02-guest06 ~]# ipa dnszone-show freeipa.test
  Zone name: freeipa.test.
  Active zone: TRUE
  Authoritative nameserver: auto-hv-02-guest06.realm120118.test.
  Administrator e-mail address: hostmaster
  SOA serial: 1515741245
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  Allow query: any;
  Allow transfer: none;

[root@auto-hv-02-guest06 ~]# ipa realmdomains-mod --add-domain freeipa.test
ipa: ERROR: invalid 'domain': The realm of the following domains could not be
detected: freeipa.test. If these are domains that belong to the this realm,
please create a _kerberos TXT record containing "REALM120118.TEST" in each of
them.

[root@auto-hv-02-guest06 ~]# ipa dnsrecord-add freeipa.test _kerberos
--txt-data=REALM120118.TEST
  Record name: _kerberos
  TXT record: REALM120118.TEST

[root@auto-hv-02-guest06 ~]# ipa realmdomains-mod --add-domain freeipa.test
ipa: WARNING: The _kerberos TXT record from domain freeipa.test could not be
created (no modifications to be performed).
This can happen if the zone is not managed by IPA. Please create the record
manually, containing the following value: 'REALM120118.TEST'
  Domain: realm120118.test, freeipa.test

[root@auto-hv-02-guest06 ~]# ipa realmdomains-show
  Domain: realm120118.test, freeipa.test

[root@auto-hv-02-guest06 ~]# echo Secret123 | ipa trust-add ipaad2016.test
--admin Administrator --password
ipa: ERROR: an internal error has occurred


[root@auto-hv-02-guest06 ~]#  ipa realmdomains-mod --del-domain freeipa.test
  Domain: realm120118.test
[root@auto-hv-02-guest06 ~]# systemctl stop sssd; rm -f /var/lib/sss/{db,mc}/*;
systemctl start sssd
[root@auto-hv-02-guest06 ~]#
[root@auto-hv-02-guest06 ~]#
[root@auto-hv-02-guest06 ~]# echo Secret123 | ipa trust-add ipaad2016.test
--admin Administrator --password
-----------------------------------------------
Re-established trust to domain "ipaad2016.test"
-----------------------------------------------
  Realm name: ipaad2016.test
  Domain NetBIOS name: IPAAD2016
  Domain Security Identifier: S-1-5-21-813110839-3732285123-1597101681
  Trust direction: Trusting forest
  Trust type: Active Directory domain
  Trust status: Established and verified



Actual results:
getting ipa: ERROR: an internal error has occurred

Expected results:
Trust should re-established

Additional info:
Attached httpd_error_log

Metadata Update from @rcritten:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1533803

6 years ago

Metadata Update from @rcritten:
- Issue assigned to abbra
- Issue priority set to: critical

6 years ago

cheimes commented 5 years ago

As discussion with Alexander, I'm lowering priority to "important".

Metadata Update from @cheimes:
- Issue priority set to: important (was: critical)

5 years ago

abiagion commented 5 years ago

master:

81f36df ipaserver/dcerpc.py: handle indirect topology conflicts

Metadata Update from @abiagion:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

5 years ago

abiagion commented 5 years ago

@abbra, I need you to manually backport this PR to 4.6.

Metadata Update from @abiagion:
- Issue status updated to: Open (was: Closed)

5 years ago

abbra commented 5 years ago

ipa-4-6:

693ce94 ipaserver/dcerpc.py: handle indirect topology conflicts

Metadata Update from @abbra:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

5 years ago

Metadata

Assignee

abbra

Tags

None

Blocking

None

Depending on

None

Priority

important

Milestone

FreeIPA 4.5.5

None

affects_doc

None

source

None

knownissue

None

type

None

blockedby

None

test_case

None

component

None

blocking

None

on_review

None

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=1533803

tester

None

changelog

None

design

None

freeipa

Source Code

#7370 Seeing "ipa: ERROR: an internal error has occurred" during ipa trust-add command Closed: fixed 5 years ago Opened 6 years ago by rcritten.

Metadata

#7370 Seeing "ipa: ERROR: an internal error has occurred" during ipa trust-add command

Closed: fixed 5 years ago Opened 6 years ago by rcritten.