Bug 1438348
Summary: | Console output message while adding trust should be mapped with texts changed in Samba. | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Sudhir Menon <sumenon> |
Component: | ipa | Assignee: | IPA Maintainers <ipa-maint> |
Status: | CLOSED ERRATA | QA Contact: | Varun Mylaraiah <mvarun> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 7.4 | CC: | abokovoy, frenaud, ksiddiqu, mbasti, mvarun, pvoborni, rcritten, tscherf |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | ipa-4.5.0-6.el7 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2017-08-01 09:47:49 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Sudhir Menon
2017-04-03 07:19:30 UTC
Similarly for the below testcase scenario, the output has changed. ===trust add failing when NetBIOS name misconfigured should display correct message, bz867442 === Earlier:- echo **** | ipa trust-add --type=ad ipaad2008r2.test --admin Administrator --password --two-way=True ipa: ERROR: invalid 'AD Trust Setup': the IPA server and the remote domain cannot share the same NetBIOS name: IPAAD2008R2 Now:- [root@autohv01 httpd]# echo *** | ipa trust-add --type=ad ipaad2008r2.test --admin Administrator --password --two-way=True ipa: ERROR: CIFS server communication error: code "None", message "(-1073741772, 'The object name is not found.')" (both may be "None") Alexander, your PR https://github.com/freeipa/freeipa/pull/682 addresses this issue right? (In reply to Petr Vobornik from comment #4) > Alexander, your PR https://github.com/freeipa/freeipa/pull/682 addresses > this issue right? Yes, this is exactly for the issues described in this bug (description + comment #3). I was waiting for Sudhir to file this bug. Issue mentioned in comment #3 was tried manually again and i see that the correct messages is displayed instead of the error code. <snip> Server host name [autohv01.testreal.test]: Warning: skipping DNS resolution of host autohv01.testreal.test The domain name has been determined based on the host name. Please confirm the domain name [testreal.test]: The kerberos protocol requires a Realm name to be defined. This is typically the domain name converted to uppercase. Please provide a realm name [TESTREAL.TEST]: [root@autohv01 samba]# /usr/sbin/ipa-adtrust-install --netbios-name=IPAAD2008R2 [root@autohv01 samba]# ipa trust-add --type=ad ipaad2008r2.test --admin Administrator --password ipa: ERROR: invalid 'AD Trust Setup': the IPA server and the remote domain cannot share the same NetBIOS name: IPAAD2008R2 Upstream ticket: https://pagure.io/freeipa/issue/6859 Fixed upstream master: https://pagure.io/freeipa/c/aef77b3529540ad12939a2cc54996c341c5d49d3 https://pagure.io/freeipa/c/e560899cce20ca7773a5ce46a1c29db1349e8ec7 ipa-4-5: https://pagure.io/freeipa/c/bbb23fc87a51218960d54f9eccc23405c5c5ded6 https://pagure.io/freeipa/c/45e1998c51e281c8371ae31762016cb1ddec406f Tested on RHEL7.4 using [root@autohv02 ~]# rpm -q ipa-server 389-ds-base sssd selinux-policy krb5-server pki-server ipa-server-4.5.0-13.el7.x86_64 389-ds-base-1.3.6.1-15.el7.x86_64 sssd-1.15.2-37.el7.x86_64 selinux-policy-3.13.1-152.el7.noarch krb5-server-1.15.1-8.el7.x86_64 pki-server-10.4.1-6.el7.noarch 1. With incorrect server name [root@autohv02 ~]# ipa trust-add --type=ad ipaad2008r2.test --admin Administrator --password --two-way=True --server=zombie.ipaad2008r2.test Active Directory domain administrator's password: ipa: ERROR: Cannot find specified domain or server name [root@autohv02 ~]# echo $? 2 2. With same NETBIOS name that of AD [root@autohv02 ~]# ipa-adtrust-install --netbios-name=IPAAD2008R2 The log file for this installation can be found in /var/log/ipaserver-install.log ============================================================================== This program will setup components needed to establish trust to AD domains for the IPA Server. This includes: * Configure Samba * Add trust related objects to IPA LDAP server To accept the default shown in brackets, press the Enter key. Configuring cross-realm trusts for IPA server requires password for user 'admin'. This user is a regular system account used for IPA server administration. admin password: IPA generated smb.conf detected. Overwrite smb.conf? [no]: yes Do you want to enable support for trusted domains in Schema Compatibility plugin? This will allow clients older than SSSD 1.9 and non-Linux clients to work with trusted users. Enable trusted domains support in slapi-nis? [no]: Current NetBIOS domain name is TRUSTCLI, new name is IPAAD2008R2. Please note that changing the NetBIOS name might break existing trust relationships. Say 'yes' if the NetBIOS shall be changed and 'no' if the old one shall be kept. Do you want to reset the NetBIOS domain name? [no]: Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:2304 |