https://bugzilla.redhat.com/show_bug.cgi?id=867447 (Red Hat Enterprise Linux 6)
Description of problem:

When changing the NetBIOS name of the IPA domain, ipa-adtrust-install missed changing one object (ipaNTFlatName):

    [root@f18-1 ~]# ipa-adtrust-install

    The log file for this installation can be found in /var/log/ipaserver-install.log
    ==============================================================================
    This program will setup components needed to establish trust to AD domains for
    the FreeIPA Server.

    This includes:
      * Configure Samba
      * Add trust related objects to FreeIPA LDAP server

    To accept the default shown in brackets, press the Enter key.

    IPA generated smb.conf detected.
    Overwrite smb.conf? [no]: yes

    The following operations may take some minutes to complete.
    Please wait until the prompt is returned.

    Enter the NetBIOS name for the IPA domain.
    Only up to 15 uppercase ASCII letters and digits are allowed.
    Example: EXAMPLE.

    NetBIOS domain name [TESTRELM]:

    Configuring cross-realm trusts for IPA server requires password for user 'admin'.
    This user is a regular system account used for IPA server administration.

    admin password:

    ...output truncated...

    [root@f18-1 ~]# ldapsearch -H ldapi://%2fvar%2frun%2fslapd-TESTRELM-COM.socket objectclass=ipaNTDomainAttrs
    SASL/EXTERNAL authentication started
    SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
    SASL SSF: 0
    # extended LDIF
    #
    # LDAPv3
    # base <dc=testrelm,dc=com> (default) with scope subtree
    # filter: objectclass=ipaNTDomainAttrs
    # requesting: ALL
    #

    # testrelm.com, ad, etc, testrelm.com
    dn: cn=testrelm.com,cn=ad,cn=etc,dc=testrelm,dc=com
    ipaNTFallbackPrimaryGroup: cn=Default SMB Group,cn=groups,cn=accounts,dc=testr
     elm,dc=com
    objectClass: ipaNTDomainAttrs
    objectClass: nsContainer
    objectClass: top
    ipaNTSecurityIdentifier: S-1-5-21-2925033745-151447840-2997953556
    ipaNTFlatName: ADTESTDOM
    ipaNTDomainGUID: b6f2eca8-01a0-4041-aac6-58446c934b13
    cn: testrelm.com

    # search result
    search: 3
    result: 0 Success

    # numResponses: 2
    # numEntries: 1

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Install IPA Master
2. Install AD Server
3. Run ipa-adtrust-install with one NetBIOS name
4. Re-run ipa-adtrust-install with new NetBIOS name
5. ldapsearch -H ldapi://%2fvar%2frun%2fslapd-<INSTANCE_NAME>.socket objectclass=ipaNTDomainAttrs

Actual results: Shows original NetBIOS name, not new one.

Expected results: Shows new NetBIOS name.

Additional info:

To work around this, ldapmodify the object like this:

    ldapmodify -H ldapi://%2fvar%2frun%2fslapd-TESTRELM-DOM.socket << EOF
    dn: cn=testrelm.com,cn=ad,cn=etc,dc=testrelm,dc=com
    changetype: modify
    replace: ipaNTFlatName
    ipaNTFlatName: TESTRELM
    EOF
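One way to check for the stale value described in this report, as an added example that is not part of the original ticket or of FreeIPA's code: it parses the ldapsearch LDIF output (including folded lines) and compares ipaNTFlatName with the NetBIOS name entered at the installer prompt. The names `parse_ldif`, `check_flat_name` and `SAMPLE_LDIF` are hypothetical, and the sample input is constructed from the output quoted above.

```python
import re

# Constructed sample trimmed from the report's ldapsearch output, folded line kept.
SAMPLE_LDIF = """\
dn: cn=testrelm.com,cn=ad,cn=etc,dc=testrelm,dc=com
ipaNTFallbackPrimaryGroup: cn=Default SMB Group,cn=groups,cn=accounts,dc=testr
 elm,dc=com
objectClass: ipaNTDomainAttrs
ipaNTFlatName: ADTESTDOM
cn: testrelm.com
"""

# Rule printed by the installer prompt: up to 15 uppercase ASCII letters/digits.
NETBIOS_RE = re.compile(r"[A-Z0-9]{1,15}")


def parse_ldif(text):
    """Return entries as dicts mapping lowercase attribute -> list of values."""
    unfolded = re.sub(r"\r?\n ", "", text)  # a leading space continues a line
    entries = []
    for block in re.split(r"\r?\n\s*\r?\n", unfolded):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue  # LDIF comments and non-attribute lines
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.lstrip(": "))
        if entry:
            entries.append(entry)
    return entries


def check_flat_name(ldif_text, expected):
    """Return (dn, problem) tuples for every ipaNTDomainAttrs entry that is off."""
    problems = []
    for entry in parse_ldif(ldif_text):
        classes = [v.lower() for v in entry.get("objectclass", [])]
        if "ipantdomainattrs" not in classes:
            continue
        dn = entry.get("dn", ["<no dn>"])[0]
        names = entry.get("ipantflatname", [])
        if not names:
            problems.append((dn, "ipaNTFlatName missing"))
        for name in names:
            if not NETBIOS_RE.fullmatch(name):
                problems.append((dn, f"invalid NetBIOS name {name!r}"))
            elif name != expected:
                problems.append((dn, f"stale {name!r}, expected {expected!r}"))
    return problems
```

Calling `check_flat_name(SAMPLE_LDIF, "TESTRELM")` reports the entry from this ticket; an empty list means the stored flat name matches the one entered at the prompt.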
master: b204881
ipa-3-0: 349ab51
Metadata Update from @mkosek:
- Issue assigned to sbose
- Issue set to the milestone: FreeIPA 3.0.1 (bug fixing)