Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 988473
Created attachment 778387 smbd logs Description of problem: When establishing a trust with: ipa trust-add --all --type=ad addomain.com --admin='my.name' --password --base-id=791200000 --range-size=200000 The trust setup fails, printing the following error: ipa: DEBUG: Caught fault 2100 from server https://ipa.ipadomain.com/ipa/xml: Insufficient access: CIFS server denied your credentials ipa: DEBUG: Destroyed connection context.xmlclient ipa: ERROR: Insufficient access: CIFS server denied your credentials Version-Release number of selected component (if applicable): ipa-server-3.0.0-26.el6_4.2.x86_64 How reproducible: Always Steps to Reproduce: 1. Create user in a group that has all privileges selected 2. Use this user to create a trust 3. Actual results: Above error Expected results: Trust created Additional info: I've attached samba logs at level 11 and the apache logs.
Corrective action: the Trusted Admin group needs a SID and that SID neds to be made so samba will trate it as allowed to create trusted domains.
3.4 development was shifted for one month, moving tickets to reflect reality better.
Adjusting time plan - 3.4 development was postponed as we focused on 3.3.x testing and stabilization.
This ticket was not addressed in 4.0 timeframe, moving to 4.1.
There was no time for this bug in 4.1 - moving out.
Processing 4.2 backlog. This ticket was found as something that is not a priority for the nearest releases.
But as usual, please feel free to discuss your use cases or contribute patches, to make that happen sooner!
Metadata Update from @mkosek: - Issue assigned to someone - Issue set to the milestone: Future Releases
Add a healthcheck check for RID 512 assigned to 'admins' group.
Metadata Update from @rcritten: - Issue close_status updated to: None - Issue tagged with: healthcheck
Login to comment on this ticket.