Adding a trust that does not exist or adding a trust on a fresh install says "Re-established Trust to domain realm "
[root@dhcp207-183 ~]# ipa trust-find ---------------- 0 trusts matched ---------------- ---------------------------- Number of entries returned 0 ---------------------------- [root@dhcp207-183 ~]# klist Ticket cache: KEYRING:persistent:0:krb_ccache_ilKm7ab Default principal: admin@IPA.ADLABS.COM Valid starting Expires Service principal 12/03/2013 08:42:37 12/04/2013 08:41:41 HTTP/dhcp207-183.ipa.adlabs.com@IPA.ADLABS.COM 12/03/2013 08:41:43 12/04/2013 08:41:41 krbtgt/IPA.ADLABS.COM@IPA.ADLABS.COM [root@dhcp207-183 ~]# kdestroy [root@dhcp207-183 ~]# klist klist: No credentials cache found while retrieving principal name [root@dhcp207-183 ~]# kinit admin Password for admin@IPA.ADLABS.COM: [root@dhcp207-183 ~]# klist Ticket cache: KEYRING:persistent:0:krb_ccache_ilKm7ab Default principal: admin@IPA.ADLABS.COM Valid starting Expires Service principal 12/03/2013 11:16:33 12/04/2013 11:16:30 krbtgt/IPA.ADLABS.COM@IPA.ADLABS.COM [root@dhcp207-183 ~]# ipa trust-add adlabs.com --type ad --admin administrator --password Active directory domain administrator's password: ------------------------------------------- Re-established trust to domain "adlabs.com" ------------------------------------------- Realm name: adlabs.com Domain NetBIOS name: ADLABS Domain Security Identifier: S-1-5-21-3069109027-1612402048-776712048 SID blacklist incoming: S-1-0, S-1-1, S-1-2, S-1-3, S-1-5-1, S-1-5-2, S-1-5-3, S-1-5-4, S-1-5-5, S-1-5-6, S-1-5-7, S-1-5-8, S-1-5-9, S-1-5-10, S-1-5-11, S-1-5-12, S-1-5-13, S-1-5-14, S-1-5-15, S-1-5-16, S-1-5-17, S-1-5-18, S-1-5-19, S-1-5-20 SID blacklist outgoing: S-1-0, S-1-1, S-1-2, S-1-3, S-1-5-1, S-1-5-2, S-1-5-3, S-1-5-4, S-1-5-5, S-1-5-6, S-1-5-7, S-1-5-8, S-1-5-9, S-1-5-10, S-1-5-11, S-1-5-12, S-1-5-13, S-1-5-14, S-1-5-15, S-1-5-16, S-1-5-17, S-1-5-18, S-1-5-19, S-1-5-20 Trust direction: Two-way trust Trust type: Active Directory domain Trust status: Established and verified
Alexander, is this s 3.3.x regression?
Sumit identified that this is most likely due to a change we did to support subdomains. So it is a regression.
Thanks for info. In that case please feel free to start working on this ticket (either you or Sumit), you do not need to wait for the triage meeting.
Patch sent for review: https://www.redhat.com/archives/freeipa-devel/2013-December/msg00028.html
master: 73e7a6c[[BR]] ipa-3-3: ee87f1c
Metadata Update from @steeve: - Issue assigned to abbra - Issue set to the milestone: FreeIPA 3.3.x - 2013/12 (bug fixing)
Login to comment on this ticket.