Bug 1033068
Summary: | Trust add tries to add same value of --base-id for sub domain, causing an error | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Steeve Goveas <sgoveas> |
Component: | ipa | Assignee: | Martin Kosek <mkosek> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Namita Soman <nsoman> |
Severity: | high | Docs Contact: | |
Priority: | urgent | ||
Version: | 7.0 | CC: | dpal, jgalipea, rcritten |
Target Milestone: | beta | Keywords: | TestBlocker |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | ipa-3.3.3-5.el7 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2014-06-13 09:48:22 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Steeve Goveas
2013-11-21 14:01:20 UTC
Upstream ticket: https://fedorahosted.org/freeipa/ticket/4041 Since a idrange for sub domains does not exist, it will lead to sub domain users being unable to use ipa resources. Is that right? Can a idrange be added manually for the sub domain to work around this issue? Fixed upstream: master: https://fedorahosted.org/freeipa/changeset/63d4f306867095654d1b46c8731a95140a5126ce ipa-3-3: https://fedorahosted.org/freeipa/changeset/ca11a28cab0d3bcc4b92187f50b8de4178da4fce [root@rhel7-b ~]# ipa trust-find ---------------- 0 trusts matched ---------------- ---------------------------- Number of entries returned 0 ---------------------------- [root@rhel7-b ~]# ipa idrange-find --------------- 1 range matched --------------- Range name: TESTRELM.COM_id_range First Posix ID of the range: 1794000000 Number of IDs in the range: 200000 First RID of the corresponding RID range: 1000 First RID of the secondary RID range: 100000000 Range type: local domain range ---------------------------- Number of entries returned 1 ---------------------------- [root@rhel7-b ~]# /usr/bin/ipa trust-add --type=ad adtest.qe --admin Administrator --password --base-id 1511200000 Active directory domain administrator's password: ------------------------------------------ Re-established trust to domain "adtest.qe" ------------------------------------------ Realm name: adtest.qe Domain NetBIOS name: ADTEST Domain Security Identifier: S-1-5-21-1910160501-511572375-3625658879 SID blacklist incoming: S-1-0, S-1-1, S-1-2, S-1-3, S-1-5-1, S-1-5-2, S-1-5-3, S-1-5-4, S-1-5-5, S-1-5-6, S-1-5-7, S-1-5-8, S-1-5-9, S-1-5-10, S-1-5-11, S-1-5-12, S-1-5-13, S-1-5-14, S-1-5-15, S-1-5-16, S-1-5-17, S-1-5-18, S-1-5-19, S-1-5-20 SID blacklist outgoing: S-1-0, S-1-1, S-1-2, S-1-3, S-1-5-1, S-1-5-2, S-1-5-3, S-1-5-4, S-1-5-5, S-1-5-6, S-1-5-7, S-1-5-8, S-1-5-9, S-1-5-10, S-1-5-11, S-1-5-12, S-1-5-13, S-1-5-14, S-1-5-15, S-1-5-16, S-1-5-17, S-1-5-18, S-1-5-19, S-1-5-20 Trust direction: Two-way trust Trust type: Active Directory domain Trust status: Established and verified [root@rhel7-b ~]# ipa idrange-find ---------------- 3 ranges matched ---------------- Range name: ADTEST.QE_id_range First Posix ID of the range: 1511200000 Number of IDs in the range: 200000 First RID of the corresponding RID range: 0 Domain SID of the trusted domain: S-1-5-21-1910160501-511572375-3625658879 Range type: Active Directory domain range Range name: PUNE.ADTEST.QE_id_range First Posix ID of the range: 839000000 Number of IDs in the range: 200000 First RID of the corresponding RID range: 0 Domain SID of the trusted domain: S-1-5-21-91314187-2404433721-1858927112 Range type: Active Directory domain range Range name: TESTRELM.COM_id_range First Posix ID of the range: 1794000000 Number of IDs in the range: 200000 First RID of the corresponding RID range: 1000 First RID of the secondary RID range: 100000000 Range type: local domain range ---------------------------- Number of entries returned 3 ---------------------------- Verified in version ipa-server-3.3.3-5.el7.x86_64 This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request. |