Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1697242

Summary: Communication with oddjob helper fails
Product: Red Hat Enterprise Linux 7 Reporter: anuja <amore>
Component: ipaAssignee: IPA Maintainers <ipa-maint>
Status: CLOSED ERRATA QA Contact: ipa-qe <ipa-qe>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.7CC: abokovoy, cheimes, frenaud, ksiddiqu, ndehadra, pvoborni, rcritten, tscherf
Target Milestone: rcKeywords: Regression, TestBlocker
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ipa-4.6.5-5.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-08-06 13:09:37 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description anuja 2019-04-08 07:44:49 UTC 
Description of problem:
ipa trust-add fails for option --external

Version-Release number of selected component (if applicable):
samba-4.9.1-3.el7.x86_64
ipa-server-4.6.5-4.el7.x86_64

How reproducible:
Always

Steps to Reproduce:
1.  Setup IPA server
2.  ipa-adtrust-install
3.  ipa trust-add --admin --type=ad --external=True/False

Actual results:
ipa: ERROR: an internal error has occurred

Expected results:
Trust should add.
Comment 4 anuja 2019-04-08 07:57:48 UTC 
Also Fails For one-way trust-add :
# ipa trust-add --admin --type=ad
ipa: ERROR: an internal error has occurred
Comment 5 Alexander Bokovoy 2019-04-08 08:56:11 UTC 
It is actually failing for one-way trust only.
Comment 6 Christian Heimes 2019-04-08 15:52:31 UTC 
Fixed upstream
master:
https://pagure.io/freeipa/c/cb0f24bfe251c4d659354da520be65e999f2245b
Comment 7 Christian Heimes 2019-04-08 17:18:06 UTC 
Fixed upstream
ipa-4-7:
https://pagure.io/freeipa/c/b903df96fc5c6352da62bba3b08ce57268977478
Comment 8 Christian Heimes 2019-04-08 17:20:00 UTC 
Fixed upstream
ipa-4-6:
https://pagure.io/freeipa/c/51fdbf2ba1beb38eb8c1d54b02b956aedad06782
Comment 10 anuja 2019-04-09 08:18:32 UTC 
Verified :
ipa-server-4.6.5-5.el7.x86_64

[root@bender ~]#  ipa trust-add ipaad2016.test --admin Administrator --type=ad --external=False
Active Directory domain administrator's password: 
-------------------------------------------------------
Added Active Directory trust for realm "ipaad2016.test"
-------------------------------------------------------
  Realm name: ipaad2016.test
  Domain NetBIOS name: IPAAD2016
  Domain Security Identifier: S-1-5-21-813110839-3732285123-1597101681
  Trust direction: Trusting forest
  Trust type: Active Directory domain
  Trust status: Established and verified

[root@bender ~]#  ipa trust-add ipaad2016.test --admin Administrator --type=ad --external=True
Active Directory domain administrator's password: 
-------------------------------------------------------
Added Active Directory trust for realm "ipaad2016.test"
-------------------------------------------------------
  Realm name: ipaad2016.test
  Domain NetBIOS name: IPAAD2016
  Domain Security Identifier: S-1-5-21-813110839-3732285123-1597101681
  Trust direction: Trusting forest
  Trust type: Non-transitive external trust to a domain in another Active Directory forest
  Trust status: Established and verified

[root@bender ~]#  ipa trust-add ipaad2016.test --admin Administrator --type=ad
Active Directory domain administrator's password: 
-------------------------------------------------------
Added Active Directory trust for realm "ipaad2016.test"
-------------------------------------------------------
  Realm name: ipaad2016.test
  Domain NetBIOS name: IPAAD2016
  Domain Security Identifier: S-1-5-21-813110839-3732285123-1597101681
  Trust direction: Trusting forest
  Trust type: Active Directory domain
  Trust status: Established and verified

[root@bender ~]# echo Password123 | ipa trust-add ipaad2016.test --admin Administrator  --range-type=ipa-ad-trust --password --two-way=True
-------------------------------------------------------
Added Active Directory trust for realm "ipaad2016.test"
-------------------------------------------------------
  Realm name: ipaad2016.test
  Domain NetBIOS name: IPAAD2016
  Domain Security Identifier: S-1-5-21-813110839-3732285123-1597101681
  Trust direction: Two-way trust
  Trust type: Active Directory domain
  Trust status: Established and verified
[root@bender ~]#
Comment 13 errata-xmlrpc 2019-08-06 13:09:37 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:2241