Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1533803
Created attachment 1380359
httpd_error_log

Description of problem:
ipa trust-add command is failing after adding dns record.

Version-Release number of selected component (if applicable):
ipa-server-4.5.4-8.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Install IPA server.
2. Establish trust
3. Add dnszone for xyz.test domain
4. create a _kerberos TXT record for xyz.test domain
5. modify realmdomain (ipa realmdomains-mod --add-domain xyz.test)
6. Try to re-establish trust

[root@auto-hv-02-guest06 ~]# echo Secret123 | ipa trust-add ipaad2016.test --admin Administrator --password
-----------------------------------------------
Re-established trust to domain "ipaad2016.test"
-----------------------------------------------
  Realm name: ipaad2016.test
  Domain NetBIOS name: IPAAD2016
  Domain Security Identifier: S-1-5-21-813110839-3732285123-1597101681
  Trust direction: Trusting forest
  Trust type: Active Directory domain
  Trust status: Established and verified

[root@auto-hv-02-guest06 ~]# ipa dnszone-show freeipa.test
  Zone name: freeipa.test.
  Active zone: TRUE
  Authoritative nameserver: auto-hv-02-guest06.realm120118.test.
  Administrator e-mail address: hostmaster
  SOA serial: 1515741245
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  Allow query: any;
  Allow transfer: none;

[root@auto-hv-02-guest06 ~]# ipa realmdomains-mod --add-domain freeipa.test
ipa: ERROR: invalid 'domain': The realm of the following domains could not be detected: freeipa.test. If these are domains that belong to the this realm, please create a _kerberos TXT record containing "REALM120118.TEST" in each of them.

[root@auto-hv-02-guest06 ~]# ipa dnsrecord-add freeipa.test _kerberos --txt-data=REALM120118.TEST
  Record name: _kerberos
  TXT record: REALM120118.TEST

[root@auto-hv-02-guest06 ~]# ipa realmdomains-mod --add-domain freeipa.test
ipa: WARNING: The _kerberos TXT record from domain freeipa.test could not be created (no modifications to be performed).
This can happen if the zone is not managed by IPA. Please create the record manually, containing the following value: 'REALM120118.TEST'
  Domain: realm120118.test, freeipa.test

[root@auto-hv-02-guest06 ~]# ipa realmdomains-show
  Domain: realm120118.test, freeipa.test

[root@auto-hv-02-guest06 ~]# echo Secret123 | ipa trust-add ipaad2016.test --admin Administrator --password
ipa: ERROR: an internal error has occurred

[root@auto-hv-02-guest06 ~]# ipa realmdomains-mod --del-domain freeipa.test
  Domain: realm120118.test

[root@auto-hv-02-guest06 ~]# systemctl stop sssd; rm -f /var/lib/sss/{db,mc}/*; systemctl start sssd
[root@auto-hv-02-guest06 ~]#
[root@auto-hv-02-guest06 ~]#
[root@auto-hv-02-guest06 ~]# echo Secret123 | ipa trust-add ipaad2016.test --admin Administrator --password
-----------------------------------------------
Re-established trust to domain "ipaad2016.test"
-----------------------------------------------
  Realm name: ipaad2016.test
  Domain NetBIOS name: IPAAD2016
  Domain Security Identifier: S-1-5-21-813110839-3732285123-1597101681
  Trust direction: Trusting forest
  Trust type: Active Directory domain
  Trust status: Established and verified

Actual results:
getting ipa: ERROR: an internal error has occurred

Expected results:
Trust should be re-established

Additional info:
Attached httpd_error_log
Metadata Update from @rcritten: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1533803
Metadata Update from @rcritten: - Issue assigned to abbra - Issue priority set to: critical
As discussed with Alexander, I'm lowering priority to "important".
Metadata Update from @cheimes: - Issue priority set to: important (was: critical)
master:
Metadata Update from @abiagion: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
@abbra, I need you to manually backport this PR to 4.6.
Metadata Update from @abiagion: - Issue status updated to: Open (was: Closed)
ipa-4-6:
Metadata Update from @abbra: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)