Multiple nightly tests are failing when setting up a trust in SElinux enforcing mode. See PR #413: - test_idviews: report - test_ipahealthcheck_trust: report - test_sssd: report - test_trust: report
test_idviews
test_ipahealthcheck_trust
test_sssd
test_trust
Similar logs:
RUN ['ipa', 'trust-add', '--type', 'ad', 'ad.test', '--range-type', 'ipa-ad-trust', '--admin', 'Administrator', '--password'] ipa: ERROR: error on server 'master.ipa.test': Fetching domains from trusted forest failed. See details in the error_log Exit code: 1
with httpd's error_log:
ipa: INFO: [jsonserver_kerb] admin@IPA.TEST: trust_add/1('ad.test', trust_type='ad', realm_admin='Administrator', realm_passwd='********', range_type='ipa-ad-trust', version='2.239'): RemoteRetrieveError failed to set perms (3140) on file (/run/ipa/ccaches/admin@IPA.TEST)!, referer: https://master.ipa.test/ipa/xml ipa: ERROR: Helper fetch_domains was called for forest ad.test, return code is 1 ipa: ERROR: Standard output from the helper: --- ipa: ERROR: Error output from the helper: Traceback (most recent call last): File "/usr/lib/python3.8/site-packages/ipaserver/dcerpc.py", line 852, in __gen_lsa_connection result = lsa.lsarpc(binding, self.parm, self.creds) samba.NTSTATUSError: (3221225485, 'An invalid parameter was passed to a service or function.') During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/libexec/ipa/oddjob/com.redhat.idm.trust-fetch-domains", line 314, in <module> domains = dcerpc.fetch_domains( File "/usr/lib/python3.8/site-packages/ipaserver/dcerpc.py", line 1524, in fetch_domains domains = communicate(td) File "/usr/lib/python3.8/site-packages/ipaserver/dcerpc.py", line 1484, in communicate td.init_lsa_pipe(td.info['dc']) File "/usr/lib/python3.8/site-packages/ipaserver/dcerpc.py", line 876, in init_lsa_pipe self._pipe = self.__gen_lsa_connection(binding) File "/usr/lib/python3.8/site-packages/ipaserver/dcerpc.py", line 855, in __gen_lsa_connection raise assess_dcerpc_error(e) ipalib.errors.RemoteRetrieveError: CIFS server communication error: code "3221225485", message "An invalid parameter was passed to a service or function." (both may be "None") -- ipa: INFO: [jsonserver_session] admin@IPA.TEST: trust_add/1('ad.test', trust_type='ad', realm_admin='Administrator', realm_passwd='********', range_type='ipa-ad-trust', version='2.239'): ServerCommandError
This has already been reported in https://bugzilla.redhat.com/show_bug.cgi?id=1797719 (selinux/Fedora32)
Without Samba logs it is impossible to say what's actually happened. Can we add /var/log/samba/* to the list of collected logs?
Also, running trust tests with
[global] log level = 10
in /usr/share/ipa/smb.conf.empty and
/usr/share/ipa/smb.conf.empty
[global] debug=True
in /etc/ipa/server.conf
/etc/ipa/server.conf
would allow us to capture client-side issues (like this one)
also, we need to understand don't audit rules because it was supposed to be fixed with changes went in with https://pagure.io/freeipa/issue/8395
Similar error observed in [testing_master_testing_selinux] PR 526 : Logs
Similar error observed in [testing_master_testing_selinux] PR 526 : Logs for test - test_ipahealthcheck_adtrust - test_integration/test_sssd.py::TestSSSDWithAdTrust : Logs
test_ipahealthcheck_adtrust
test_integration/test_sssd.py::TestSSSDWithAdTrust
Following failures were also observed Logs - test_integration/test_trust.py::TestTrust::test_establish_nonposix_trust - test_integration/test_trust.py::TestTrust::test_trustdomains_found_in_nonposix_trust - test_integration/test_trust.py::TestTrust::test_upn_in_nonposix_trust - test_integration/test_trust.py::TestTrust::test_upn_user_authentication_in_nonposix_trust - test_integration/test_trust.py::TestTrust::test_establish_posix_trust - test_integration/test_trust.py::TestTrust::test_trustdomains_found_in_posix_trust - test_integration/test_trust.py::TestTrust::test_establish_external_subdomain_trust - test_integration/test_trust.py::TestTrust::test_establish_external_treedomain_trust - test_integration/test_trust.py::TestTrust::test_establish_external_rootdomain_trust - test_integration/test_trust.py::TestTrust::test_trustdomains_found_in_forest_trust_with_shared_secret - test_integration/test_trust.py::TestTrust::test_server_option_with_unreachable_ad
test_integration/test_trust.py::TestTrust::test_establish_nonposix_trust
test_integration/test_trust.py::TestTrust::test_trustdomains_found_in_nonposix_trust
test_integration/test_trust.py::TestTrust::test_upn_in_nonposix_trust
test_integration/test_trust.py::TestTrust::test_upn_user_authentication_in_nonposix_trust
test_integration/test_trust.py::TestTrust::test_establish_posix_trust
test_integration/test_trust.py::TestTrust::test_trustdomains_found_in_posix_trust
test_integration/test_trust.py::TestTrust::test_establish_external_subdomain_trust
test_integration/test_trust.py::TestTrust::test_establish_external_treedomain_trust
test_integration/test_trust.py::TestTrust::test_establish_external_rootdomain_trust
test_integration/test_trust.py::TestTrust::test_trustdomains_found_in_forest_trust_with_shared_secret
test_integration/test_trust.py::TestTrust::test_server_option_with_unreachable_ad
Metadata Update from @frenaud: - Issue assigned to frenaud
Metadata Update from @frenaud: - Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/5385
master:
ipa-4-8:
ipa-4-9:
Metadata Update from @frenaud: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Another failure observed: PR633, logs
Login to comment on this ticket.