Bug 1355753
Summary: | adding two way non transitive(external) trust displays internal error on the console | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Sudhir Menon <sumenon> | ||||||||
Component: | ipa | Assignee: | IPA Maintainers <ipa-maint> | ||||||||
Status: | CLOSED ERRATA | QA Contact: | Kaleem <ksiddiqu> | ||||||||
Severity: | unspecified | Docs Contact: | |||||||||
Priority: | unspecified | ||||||||||
Version: | 7.3 | CC: | mbabinsk, pvoborni, rcritten | ||||||||
Target Milestone: | rc | Keywords: | TestBlocker | ||||||||
Target Release: | --- | ||||||||||
Hardware: | Unspecified | ||||||||||
OS: | Unspecified | ||||||||||
Whiteboard: | |||||||||||
Fixed In Version: | ipa-4.4.0-10.el7 | Doc Type: | If docs needed, set a value | ||||||||
Doc Text: | Story Points: | --- | |||||||||
Clone Of: | Environment: | ||||||||||
Last Closed: | 2016-11-04 05:57:36 UTC | Type: | Bug | ||||||||
Regression: | --- | Mount Type: | --- | ||||||||
Documentation: | --- | CRM: | |||||||||
Verified Versions: | Category: | --- | |||||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||||
Embargoed: | |||||||||||
Attachments: |
|
The issue is while adding two way non transitive (external) trust which gives internal error on the console Created attachment 1178901 [details]
ipa-server install log
Created attachment 1178902 [details]
ipa-adtrust-install
Upstream ticket: https://fedorahosted.org/freeipa/ticket/6057 Message displayed on the UI. IPA Error 903: InternalError : an internal error has occurred master: * 33f8685513e06f6a398036a78407d61c3ac2db86 Always fetch forest info from root DCs when establishing two-way trust * c789b17b2e28ed9008fee076a0db72fe90f7e93f factor out `populate_remote_domain` method into module-level function * 4ca671788cc54a00de6a55a2529df6126da14d88 Always fetch forest info from root DCs when establishing one-way trust ipa-4-4: * 58513d3b2a72b6c15bdf5676ed63d6eb74f36ed7 Always fetch forest info from root DCs when establishing two-way trust * 034b78e320e4868e4dee520690bb49fefc242cde factor out `populate_remote_domain` method into module-level function * a532edf97337a80b0777fb00cc1b9e57ef8cf487 Always fetch forest info from root DCs when establishing one-way trust Fix is seen. Verified on RHEL7.3 using ipa-server-4.4.0-10.el7.x86_64 ipa-server-trust-ad-4.4.0-10.el7.x86_64 [root@master ~]# ipa trust-add test.qa --external='true' --two-way=true Active Directory domain administrator: administrator Active Directory domain administrator's password: ---------------------------------------- Re-established trust to domain "test.qa" ---------------------------------------- Realm name: test.qa Domain NetBIOS name: TEST Domain Security Identifier: S-1-5-21-4204873575-1158510886-1449965812 Trust direction: Two-way trust Trust type: Non-transitive external trust to a domain in another Active Directory forest Trust status: Established and verified [root@master ~]# ipa idrange-find ---------------- 2 ranges matched ---------------- Range name: TEST.QA_id_range First Posix ID of the range: 330800000 Number of IDs in the range: 200000 First RID of the corresponding RID range: 0 Domain SID of the trusted domain: S-1-5-21-4204873575-1158510886-1449965812 Range type: Active Directory domain range Range name: TESTRELM.TEST_id_range First Posix ID of the range: 1306000000 Number of IDs in the range: 200000 First RID of the corresponding RID range: 1000 First RID of the secondary RID range: 100000000 Range type: local domain range ---------------------------- Number of entries returned 2 ---------------------------- Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-2404.html |
Created attachment 1178890 [details] error log Description of problem: adding two way transitive trust gives internal error on the console Version-Release number of selected component (if applicable): ipa-server-trust-ad-4.4.0-1.el7.x86_64 ipa-server-dns-4.4.0-1.el7.noarch ipa-server-common-4.4.0-1.el7.noarch ipa-server-4.4.0-1.el7.x86_64 How reproducible: Always. Steps to Reproduce: 1. Install ipa-server 2. ipa-adtrust-install 3. add forward-zone for the domain to be trusted. 4. now add two-way trust [root@server]# ipa trust-add test.qa --external='true' --two-way=true Actual results: [root@server]# ipa trust-add test.qa --external='true' --two-way=true Active Directory domain administrator: administrator Active Directory domain administrator's password: ipa: ERROR: an internal error has occurred [root@server ~]# ipa trust-find --------------- 1 trust matched --------------- Realm name: test.qa Domain NetBIOS name: TEST Domain Security Identifier: S-1-5-21-4204873575-1158510886-1449965812 Trust type: Non-transitive external trust to a domain in another Active Directory forest ---------------------------- Number of entries returned 1 ---------------------------- [root@server ~]# ipa idrange-find ---------------- 2 ranges matched ---------------- Range name: TEST.QA_id_range First Posix ID of the range: 330800000 Number of IDs in the range: 200000 First RID of the corresponding RID range: 0 Domain SID of the trusted domain: S-1-5-21-4204873575-1158510886-1449965812 Range type: Active Directory domain range Range name: TESTRELM.TEST_id_range First Posix ID of the range: 160600000 Number of IDs in the range: 200000 First RID of the corresponding RID range: 1000 First RID of the secondary RID range: 100000000 Range type: local domain range ---------------------------- Number of entries returned 2 ---------------------------- Expected results: Although the trust gets added successfully the message displayed on the console should be fixed. Additional info: Attaching httpd error_log file