freeipa

Clone
Source Code
GIT

#2864 Internal error in trust-add-ad when --admin in name@domain format
Closed: Fixed None Opened 11 years ago by pvoborni.

Closed: Fixed
Reopen Issue

When add_trust_ad is called with admin(realm_admin) option in format name@domain an internal error is thrown.

Input command (JSON RPC format):

{"method":"trust_add_ad","params":[["ad.test"],
{"realm_admin":"administrator@ad.test","realm_passwd":"aaa111AAA"}]}

Note: In this case using admin name in different format (Administrator or AD\Administrator) doesn't work either but it returns better error ('Working LSA pipe' is required).

Part of Log: 

rpc fault: WERR_ACCESS_DENIED
[Fri Jun 22 07:33:36 2012] [error] ipa: ERROR: non-public: RuntimeError: (-1073741790, 'Access denied')
[Fri Jun 22 07:33:36 2012] [error] Traceback (most recent call last):
[Fri Jun 22 07:33:36 2012] [error]   File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 332, in wsgi_execute
[Fri Jun 22 07:33:36 2012] [error]     result = self.Command[name](*args, **options)
[Fri Jun 22 07:33:36 2012] [error]   File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 432, in __call__
[Fri Jun 22 07:33:36 2012] [error]     ret = self.run(*args, **options)
[Fri Jun 22 07:33:36 2012] [error]   File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 738, in run
[Fri Jun 22 07:33:36 2012] [error]     return self.execute(*args, **options)
[Fri Jun 22 07:33:36 2012] [error]   File "/usr/lib/python2.7/site-packages/ipalib/plugins/trust.py", line 167, in execute
[Fri Jun 22 07:33:36 2012] [error]     result = trustinstance.join_ad_full_credentials(keys[-1], realm_server, realm_admin, realm_passwd)
[Fri Jun 22 07:33:36 2012] [error]   File "/usr/lib/python2.7/site-packages/ipaserver/dcerpc.py", line 311, in join_ad_full_credentials
[Fri Jun 22 07:33:36 2012] [error]     self.__populate_remote_domain(realm, realm_server, realm_admin, realm_passwd)
[Fri Jun 22 07:33:36 2012] [error]   File "/usr/lib/python2.7/site-packages/ipaserver/dcerpc.py", line 301, in __populate_remote_domain
[Fri Jun 22 07:33:36 2012] [error]     td.retrieve(rd.info['dns_hostname'])
[Fri Jun 22 07:33:36 2012] [error]   File "/usr/lib/python2.7/site-packages/ipaserver/dcerpc.py", line 162, in retrieve
[Fri Jun 22 07:33:36 2012] [error]     self._policy_handle = self._pipe.OpenPolicy2(u"", objectAttribute, security.SEC_FLAG_MAXIMUM_ALLOWED)
[Fri Jun 22 07:33:36 2012] [error] RuntimeError: (-1073741790, 'Access denied')
[Fri Jun 22 07:33:36 2012] [error] ipa: INFO: admin@IDM.LAB.BOS.REDHAT.COM: trust_add_ad(u'ad.test', realm_admin=u'administrator@ad.test', realm_passwd=u'********'): RuntimeError

Pushed to master: dadfbf9

Rename "trusts" component to "Trusts" to achieve correct sorting.

Metadata Update from @pvoborni:
- Issue assigned to abbra
- Issue set to the milestone: FreeIPA 3.0 Beta 2
7 years ago

Login to comment on this ticket.

Metadata
None
None
None
normal
None
None
None
None
defect
None
None
Trusts
None
1
None
None
None
None
0
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.