Bug 1250107
| Field | Value |
|---|---|
| Summary | IPA framework should not allow modifying trust on AD trust agents |
| Product | Red Hat Enterprise Linux 7 |
| Component | ipa |
| Version | 7.2 |
| Status | CLOSED ERRATA |
| Severity | unspecified |
| Priority | medium |
| Reporter | Jan Cholasta <jcholast> |
| Assignee | IPA Maintainers <ipa-maint> |
| QA Contact | Namita Soman <nsoman> |
| CC | mbasti, mvarun, rcritten, tbabej |
| Target Milestone | rc |
| Hardware | Unspecified |
| OS | Unspecified |
| Fixed In Version | ipa-4.2.0-5.el7 |
| Doc Type | Bug Fix |
| Last Closed | 2015-11-19 12:04:56 UTC |

Description
Jan Cholasta
2015-08-04 14:19:51 UTC
Fixed upstream

master: https://fedorahosted.org/freeipa/changeset/1f62ab72caacbdb8eb892173d72c81e984a9fe56

ipa-4-2: https://fedorahosted.org/freeipa/changeset/91c9559eea9d16c9915d35cfed6b22b43bc19809

Could you please add steps to verify this bug?

Tomas is the author.

This bug is about detecting whether it makes sense to run trust-related commands on a server. If it does not (samba is not installed), a helpful message is provided instead, referring to the servers that are capable of performing the required command.

Steps therefore are:

1. install ipa server
2. install adtrust on it
3. install a replica
4. run a trust related (trust-add, trust-fetch-domains) command on the replica

Your action should be denied and a helpful message referring you to the original IPA server should be provided.

Verified.

ipa-server-4.2.0-13.el7.x86_64

```
[root@replica ~]# ipa trust-find
---------------
1 trust matched
---------------
  Realm name: adlabs.com
  Domain NetBIOS name: ADLABS
  Domain Security Identifier: S-1-5-21-3069109027-1612402048-776712048
  Trust type: Active Directory domain
----------------------------
Number of entries returned 1
----------------------------
[root@replica ~]#
[root@replica ~]#
[root@replica ~]#
[root@replica ~]# echo Secret123|ipa trust-add --type=ad adlabs.com --admin Administrator --password
ipa: ERROR: Cannot perform the selected command without Samba 4 support installed. Make sure you have installed server-trust-ad sub-package of IPA.

Alternatively, following servers are capable of running this command: master2.dtestrelm.test
```

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2362.html
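A regression check for step 4 of the verification procedure in this report, as an added example that is not part of the original bug report or of the IPA code base. The function name `parse_trust_denial` and the "accepted" sample are constructed for illustration, and the handling of a comma-separated list when several servers are named is an assumption.

```bash
#!/bin/bash
# Added example: checks that a trust command run on a replica without the
# AD trust packages was refused, and extracts the servers the error refers to.

DENIAL='Cannot perform the selected command without Samba 4 support installed'
REFERRAL='following servers are capable of running this command:'

# Reads the combined stdout/stderr of the trust command on stdin.
# Prints the referred servers, one per line.
# Returns 1 if the command was not refused with the expected message,
# 2 if it was refused but no capable server was named.
parse_trust_denial() {
    local output servers
    output=$(cat)
    # The command must be refused by the framework, not fail for another reason.
    printf '%s\n' "$output" | grep -qF "ipa: ERROR: $DENIAL" || return 1
    # Everything after the referral phrase is the server list. Assumption:
    # multiple servers are separated by commas and/or whitespace.
    servers=$(printf '%s\n' "$output" | tr '\n' ' ' |
        sed -n "s/.*$REFERRAL//p" | tr ', ' '\n\n' | sed '/^$/d')
    [ -n "$servers" ] || return 2
    printf '%s\n' "$servers"
}

# Sample input: the error text quoted in the verification comment of this bug.
SAMPLE_DENIED='ipa: ERROR: Cannot perform the selected command without Samba 4 support installed. Make sure you have installed server-trust-ad sub-package of IPA.

Alternatively, following servers are capable of running this command: master2.dtestrelm.test'

# Constructed sample: output shape of a regression, where the replica
# accepts the command instead of refusing it.
SAMPLE_ACCEPTED='Added Active Directory trust for realm "adlabs.com"'

demo() {
    printf '%s\n' "$SAMPLE_DENIED" | parse_trust_denial
}
```

On the replica, pipe the combined output of the trust command from step 4 into `parse_trust_denial`; a non-zero return means the framework did not refuse the command as described.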